logstash-9.2/9.2.3 package update

logstash-9.2.yaml

@@ -16,11 +16,13 @@
 #    subpackage to be installed separately.
 package:
   name: logstash-9.2
-  version: "9.2.2"
-  epoch: 2 # CVE-2025-14762.
+  version: "9.2.3"
+  epoch: 0 # CVE-2025-14762.
   description: Logstash - transport and process your logs, events, or other data
   copyright:
     - license: Apache-2.0
+  resources:
+    memory: 16Gi
   dependencies:
     provides:
       - ${{package.name}}-base=${{package.full-version}}
@@ -29,7 +31,7 @@ package:
       - bash # some helper scripts use bash and busybox utilities
       - busybox
       - merged-usrsbin
-      - openjdk-17-default-jdk
+      - openjdk-21-default-jdk
       - wolfi-baselayout
 
 var-transforms:
@@ -65,7 +67,7 @@ environment:
       - logstash-integration-jdbc
       - logstash-output-opensearch
       - net-tools
-      - openjdk-17-default-jdk
+      - openjdk-21-default-jdk
       - posix-libc-utils
       - sed
       - yq
@@ -87,7 +89,7 @@ pipeline:
     with:
       repository: https://github.com/elastic/logstash
       tag: v${{package.version}}
-      expected-commit: 9f6a8176a7962e646d27c3b1862624f968394ce9
+      expected-commit: 4eb0f3f188aa1f244919622d54d3a6f7b02f7111
 
   - uses: patch
     with:
@@ -217,7 +219,7 @@ subpackages:
         - glibc-locales
         - grep
         - net-tools
-        - openjdk-17-default-jdk
+        - openjdk-21-default-jdk
         - posix-libc-utils # Required for getent
         - sed
         - wolfi-baselayout
@@ -287,7 +289,7 @@ subpackages:
             - bash
             - curl
             - busybox
-            - openjdk-17
+            - openjdk-21
             - sudo
         accounts:
           groups:
@@ -319,13 +321,14 @@ subpackages:
                     "PATH=/opt/iamguarded/logstash/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
                     /opt/iamguarded/scripts/logstash/entrypoint.sh \
                     /opt/iamguarded/scripts/logstash/run.sh
-                timeout: 120
+                timeout: 180
                 expected_output: |
                   Starting Logstash setup
                   Starting Logstash
                   Starting http input listener
                 post: |
                   #!/bin/sh -e
+                  sleep 1
                   url=http://localhost:8080
                   response=$(curl -fsS --connect-timeout 10 --max-time 20 --retry 5 --retry-delay 1 --retry-max-time 40 "$url") || {
                     echo "curl ${url} failed $?"
@@ -341,28 +344,48 @@ subpackages:
   - name: ${{package.name}}-env2yaml
     description: Merge environment variables into logstash.yml
     pipeline:
-      - working-directory: docker/data/logstash/env2yaml
-        pipeline:
-          - uses: go/build
-            with:
-              packages: .
-              output: env2yaml
-              ldflags: -s -w
-      - uses: strip
+      - runs: |
+          # Build the Java-based env2yaml tool using the upstream gradle task
+          ./gradlew :docker:data:logstash:env2yaml:compileJava :docker:data:logstash:env2yaml:copyRuntimeLibs
+
+          # Install compiled classes and dependencies
+          mkdir -p "${{targets.contextdir}}/usr/share/logstash/env2yaml"
+          cp -r docker/data/logstash/env2yaml/classes "${{targets.contextdir}}/usr/share/logstash/env2yaml/"
+          cp -r docker/data/logstash/env2yaml/lib "${{targets.contextdir}}/usr/share/logstash/env2yaml/"
+
+          # Patch and install the wrapper script to use system java instead of bundled JDK
+          mkdir -p "${{targets.contextdir}}/usr/bin"
+          sed 's|/usr/share/logstash/jdk/bin/java|java|' \
+            docker/data/logstash/env2yaml/env2yaml > "${{targets.contextdir}}/usr/bin/env2yaml"
+          chmod +x "${{targets.contextdir}}/usr/bin/env2yaml"
     dependencies:
       runtime:
         - merged-usrsbin
         - wolfi-baselayout
+        - openjdk-21-default-jdk
         # Due to the way logstash implements their plugin system, this is a full
         # logstash package with the opensearch plugin bundled. It is based off the
         # same artifacts in the main package, meaning it will pick up the changes to
         # the default gems that were made in the main package it just adds the
         # opensearch plugin.
-    # test added by a robot (binary)
     test:
       pipeline:
         - runs: |
+            # Verify env2yaml files exist
             stat /usr/bin/env2yaml
+            stat /usr/share/logstash/env2yaml/classes
+            stat /usr/share/logstash/env2yaml/lib
+            test -x /usr/bin/env2yaml || { echo "ERROR: /usr/bin/env2yaml is not executable"; exit 1; }
+        - runs: |
+            # Test that env2yaml works - it modifies the file in place
+            # env2yaml reads environment variables and injects them into logstash.yml
+            echo "existing: value" > /tmp/logstash.yml
+            pipeline_workers=test env2yaml /tmp/logstash.yml
+            cat /tmp/logstash.yml
+            # Verify env2yaml injected the variable reference correctly
+            grep -F 'pipeline.workers: ${pipeline_workers}' /tmp/logstash.yml
+            # Verify existing configuration was preserved
+            grep -F 'existing: value' /tmp/logstash.yml
 
   - name: ${{package.name}}-with-output-opensearch
     description: Build logstash with logstash-output-opensearch plugin
@@ -373,9 +396,12 @@ subpackages:
         - bash # some helper scripts use bash and busybox utilities
         - busybox
         - merged-usrsbin
-        - openjdk-17-default-jdk
+        - openjdk-21-default-jdk
         - wolfi-baselayout
     pipeline:
+      - name: Install all the default plugins
+        runs: |
+          ./gradlew installDefaultGems
       - name: Re-inject default plugins that have been patched
         runs: |
           for gem in \
@@ -413,7 +439,7 @@ subpackages:
       environment:
         contents:
           packages:
-            - openjdk-17
+            - openjdk-21
             - sudo
         accounts:
           groups:
@@ -444,7 +470,7 @@ test:
   environment:
     contents:
       packages:
-        - openjdk-17-default-jdk
+        - openjdk-21-default-jdk
         - sudo
     accounts:
       groups: