diff --git a/CHANGELOG.md b/CHANGELOG.md index 824f6f2..a330fe0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 3.2.1 + - Changes sensitive configs type to Password for better protection from leaks in debug logs. [#35](https://github.com/logstash-plugins/logstash-input-salesforce/pull/35) + ## 3.2.0 - Added `use_tooling_api` configuration to connect to the Salesforce Tooling API instead of the regular Rest API. [#26](https://github.com/logstash-plugins/logstash-input-salesforce/pull/26) diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 2221e19..76c71b0 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -76,9 +76,9 @@ This plugin supports the following configuration options plus the <> |<>|No | <> |<>|Yes -| <> |<>|Yes -| <> |<>|Yes -| <> |<>|Yes +| <> |<>|Yes +| <> |<>|Yes +| <> |<>|Yes | <> |<>|No | <> |<>|No | <> |<>|No @@ -119,7 +119,7 @@ https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm ===== `client_secret` * This is a required setting. - * Value type is <> + * Value type is <> * There is no default value for this setting. Consumer Secret from your oauth enabled connected app @@ -128,7 +128,7 @@ Consumer Secret from your oauth enabled connected app ===== `password` * This is a required setting. - * Value type is <> + * Value type is <> * There is no default value for this setting. The password used to login to sfdc @@ -137,7 +137,7 @@ The password used to login to sfdc ===== `security_token` * This is a required setting. - * Value type is <> + * Value type is <> * There is no default value for this setting. The security token for this account. For more information about diff --git a/lib/logstash/inputs/salesforce.rb b/lib/logstash/inputs/salesforce.rb index 62a8535..56ab411 100644 --- a/lib/logstash/inputs/salesforce.rb +++ b/lib/logstash/inputs/salesforce.rb @@ -72,17 +72,17 @@ class LogStash::Inputs::Salesforce < LogStash::Inputs::Base # https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_create.htm config :client_id, :validate => :string, :required => true # Consumer Secret from your oauth enabled connected app - config :client_secret, :validate => :string, :required => true + config :client_secret, :validate => :password, :required => true # A valid salesforce user name, usually your email address. # Used for authentication and will be the user all objects # are created or modified by config :username, :validate => :string, :required => true # The password used to login to sfdc - config :password, :validate => :string, :required => true + config :password, :validate => :password, :required => true # The security token for this account. For more information about # generting a security token, see: # https://help.salesforce.com/apex/HTViewHelpDoc?id=user_security_token.htm - config :security_token, :validate => :string, :required => true + config :security_token, :validate => :password, :required => true # The name of the salesforce object you are creating or updating config :sfdc_object_name, :validate => :string, :required => true # These are the field names to return in the Salesforce query @@ -141,10 +141,10 @@ def client def client_options options = { :username => @username, - :password => @password, - :security_token => @security_token, + :password => @password.value, + :security_token => @security_token.value, :client_id => @client_id, - :client_secret => @client_secret + :client_secret => @client_secret.value } # configure the endpoint to which restforce connects to for authentication if @sfdc_instance_url && @use_test_sandbox diff --git a/logstash-input-salesforce.gemspec b/logstash-input-salesforce.gemspec index 72dc055..614d678 100644 --- a/logstash-input-salesforce.gemspec +++ b/logstash-input-salesforce.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |s| s.name = 'logstash-input-salesforce' - s.version = '3.2.0' + s.version = '3.2.1' s.licenses = ['Apache License (2.0)'] s.summary = "Creates events based on a Salesforce SOQL query" s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program" diff --git a/spec/inputs/salesforce_spec.rb b/spec/inputs/salesforce_spec.rb index 893e707..2bb9ab0 100644 --- a/spec/inputs/salesforce_spec.rb +++ b/spec/inputs/salesforce_spec.rb @@ -8,10 +8,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_object_name" => "" } end @@ -35,10 +35,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_object_name" => "Lead", "sfdc_fields" => ["Something"] } @@ -67,10 +67,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_object_name" => "Lead" } end @@ -94,10 +94,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_object_name" => "Lead", "sfdc_fields" => ["Id", "IsDeleted", "LastName", "FirstName", "Salutation"], "sfdc_filters" => "Email LIKE '%@elastic.co'" @@ -137,10 +137,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_instance_url" => "my-domain.my.salesforce.com", "sfdc_object_name" => "Lead" } @@ -165,10 +165,10 @@ let(:options) do { "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "sfdc_instance_url" => "my-domain.my.salesforce.com", "sfdc_object_name" => "Lead", "use_test_sandbox" => true @@ -200,10 +200,10 @@ { "api_version" => "52.0", "client_id" => "", - "client_secret" => "", + "client_secret" => ::LogStash::Util::Password.new("secret-key"), "username" => "", - "password" => "", - "security_token" => "", + "password" => ::LogStash::Util::Password.new("secret-password"), + "security_token" => ::LogStash::Util::Password.new("secret-token"), "use_tooling_api" => true, "sfdc_object_name" => "ApexTestRunResult" }