atatus 1.0.2 → 1.5.0

data/lib/atatus/transport/connection.rb

@@ -1,13 +1,24 @@
-# frozen_string_literal: true
-
-require 'concurrent'
-require 'zlib'
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
-require 'atatus/transport/connection/http'
+# frozen_string_literal: true
 
 module Atatus
   module Transport
-    # rubocop:disable Metrics/ClassLength
     # @api private
     class Connection
       include Logging
@@ -24,26 +35,18 @@ module Atatus
       # with ongoing write requests to `http`, write and close
       # requests have to be synchronized.
 
-      HEADERS = {
-        'Content-Type' => 'application/x-ndjson',
-        'Transfer-Encoding' => 'chunked'
-      }.freeze
-      GZIP_HEADERS = HEADERS.merge(
-        'Content-Encoding' => 'gzip'
-      ).freeze
-
-      def initialize(config, metadata)
+      def initialize(config)
         @config = config
-        @headers = build_headers(metadata)
-        @metadata = JSON.fast_generate(metadata)
+        @metadata = JSON.fast_generate(
+          Serializers::MetadataSerializer.new(config).build(
+            Metadata.new(config)
+          )
+        )
         @url = config.server_url + '/intake/v2/events'
-        @ssl_context = build_ssl_context
         @mutex = Mutex.new
       end
 
       attr_reader :http
-
-      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       def write(str)
         return false if @config.disable_send
 
@@ -69,7 +72,6 @@ module Atatus
           flush(:connection_error)
         end
       end
-      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
 
       def flush(reason = :force)
         # Could happen from the timertask so we need to sync
@@ -81,9 +83,8 @@ module Atatus
 
       def inspect
         format(
-          '@%s http connection closed? :%s>',
-          super.split.first,
-          http.closed?
+          '<%s url:%s closed:%s >',
+          super.split.first, @url, http&.closed?
         )
       end
 
@@ -93,11 +94,9 @@ module Atatus
         schedule_closing if @config.api_request_time
 
         @http =
-          Http.open(
-            @config, @url,
-            headers: @headers,
-            ssl_context: @ssl_context
-          ).tap { |http| http.write(@metadata) }
+          Http.open(@config, @url).tap do |http|
+            http.write(@metadata)
+          end
       end
       # rubocop:enable
 
@@ -108,49 +107,6 @@ module Atatus
             flush(:timeout)
           end
       end
-
-      def build_headers(metadata)
-        (
-          @config.http_compression? ? GZIP_HEADERS : HEADERS
-        ).dup.tap do |headers|
-          headers['User-Agent'] = build_user_agent(metadata)
-
-          if (token = @config.secret_token)
-            headers['Authorization'] = "Bearer #{token}"
-          end
-        end
-      end
-
-      def build_user_agent(metadata)
-        runtime = metadata.dig(:metadata, :service, :runtime)
-
-        [
-          "atatus-ruby/#{VERSION}",
-          HTTP::Request::USER_AGENT,
-          [runtime[:name], runtime[:version]].join('/')
-        ].join(' ')
-      end
-
-      def build_ssl_context # rubocop:disable Metrics/MethodLength
-        return unless @config.use_ssl?
-
-        OpenSSL::SSL::SSLContext.new.tap do |context|
-          if @config.server_ca_cert
-            context.ca_file = @config.server_ca_cert
-          else
-            context.cert_store =
-              OpenSSL::X509::Store.new.tap(&:set_default_paths)
-          end
-
-          context.verify_mode =
-            if @config.verify_server_cert
-              OpenSSL::SSL::VERIFY_PEER
-            else
-              OpenSSL::SSL::VERIFY_NONE
-            end
-        end
-      end
     end
-    # rubocop:enable Metrics/ClassLength
   end
 end

data/lib/atatus/transport/connection/http.rb

@@ -1,8 +1,21 @@
-# frozen_string_literal: true
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
-require 'http'
-require 'concurrent'
-require 'zlib'
+# frozen_string_literal: true
 
 require 'atatus/transport/connection/proxy_pipe'
 
@@ -13,23 +26,43 @@ module Atatus
       class Http
         include Logging
 
-        def initialize(config)
+        def initialize(config, headers: nil)
           @config = config
-          @closed = Concurrent::AtomicBoolean.new
-
-          @rd, @wr = ProxyPipe.pipe(compress: @config.http_compression?)
+          @headers = headers || Headers.new(config)
+          @client = build_client
+          @closed = Concurrent::AtomicBoolean.new(true)
         end
 
-        def open(url, headers: {}, ssl_context: nil)
-          @request = open_request_in_thread(url, headers, ssl_context)
+        def open(url)
+          @closed.make_false
+          @rd, @wr = ProxyPipe.pipe(compress: @config.http_compression?)
+          @request = open_request_in_thread(url)
         end
 
-        def self.open(config, url, headers: {}, ssl_context: nil)
+        def self.open(config, url)
           new(config).tap do |http|
-            http.open(url, headers: headers, ssl_context: ssl_context)
+            http.open(url)
           end
         end
 
+        def post(url, body: nil, headers: nil)
+          request(:post, url, body: body, headers: headers)
+        end
+
+        def get(url, headers: nil)
+          request(:get, url, headers: headers)
+        end
+
+        def request(method, url, body: nil, headers: nil)
+          @client.send(
+            method,
+            url,
+            body: body,
+            headers: (headers ? @headers.merge(headers) : @headers).to_h,
+            ssl_context: @config.ssl_context
+          ).flush
+        end
+
         def write(str)
           @wr.write(str)
           @wr.bytes_sent
@@ -69,23 +102,27 @@ module Atatus
           format('[THREAD:%s]', Thread.current.object_id)
         end
 
-        # rubocop:disable Metrics/LineLength
-        def open_request_in_thread(url, headers, ssl_context)
-          client = build_client(headers)
-
+        def open_request_in_thread(url)
           debug '%s: Opening new request', thread_str
           Thread.new do
             begin
-              post(client, url, ssl_context)
+              resp = post(url, body: @rd, headers: @headers.chunked.to_h)
+
+              if resp&.status == 202
+                debug 'APM Server responded with status 202'
+              elsif resp
+                error "APM Server responded with an error:\n%p", resp.body.to_s
+              end
             rescue Exception => e
-              error "Couldn't establish connection to APM Server:\n%p", e.inspect
+              error(
+                "Couldn't establish connection to APM Server:\n%p", e.inspect
+              )
             end
           end
         end
-        # rubocop:enable Metrics/LineLength
 
-        def build_client(headers)
-          client = HTTP.headers(headers)
+        def build_client
+          client = HTTP.headers(@headers)
           return client unless @config.proxy_address && @config.proxy_port
 
           client.via(
@@ -96,20 +133,6 @@ module Atatus
             @config.proxy_headers
           )
         end
-
-        def post(client, url, ssl_context)
-          resp = client.post(
-            url,
-            body: @rd,
-            ssl_context: ssl_context
-          ).flush
-
-          if resp&.status == 202
-            debug 'APM Server responded with status 202'
-          elsif resp
-            error "APM Server responded with an error:\n%p", resp.body.to_s
-          end
-        end
       end
     end
   end

data/lib/atatus/transport/connection/proxy_pipe.rb

@@ -1,7 +1,21 @@
-# frozen_string_literal: true
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
-require 'concurrent'
-require 'zlib'
+# frozen_string_literal: true
 
 module Atatus
   module Transport
@@ -34,6 +48,11 @@ module Atatus
 
             return unless compress
             enable_compression!
+            ObjectSpace.define_finalizer(self, self.class.finalize(@io))
+          end
+
+          def self.finalize(io)
+            proc { io.close }
           end
 
           attr_reader :io
@@ -65,8 +84,8 @@ module Atatus
           end
         end
 
-        def self.pipe(*args)
-          pipe = new(*args)
+        def self.pipe(**args)
+          pipe = new(**args)
           [pipe.read, pipe.write]
         end
       end

data/lib/atatus/transport/filters.rb

@@ -1,3 +1,20 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
 # frozen_string_literal: true
 
 require 'atatus/transport/filters/secrets_filter'
@@ -19,7 +36,7 @@ module Atatus
         end
 
         def add(key, filter)
-          @filters[key] = filter
+          @filters = @filters.merge(key => filter)
         end
 
         def remove(key)

data/lib/atatus/transport/filters/hash_sanitizer.rb

@@ -0,0 +1,77 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# frozen_string_literal: true
+
+module Atatus
+  module Transport
+    module Filters
+      class HashSanitizer
+        FILTERED = '[FILTERED]'
+
+        KEY_FILTERS = [
+          /passw(or)?d/i,
+          /auth/i,
+          /^pw$/,
+          /secret/i,
+          /token/i,
+          /api[-._]?key/i,
+          /session[-._]?id/i,
+          /(set[-_])?cookie/i
+        ].freeze
+
+        VALUE_FILTERS = [
+          # (probably) credit card number
+          /^\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}$/
+        ].freeze
+
+        attr_accessor :key_filters
+
+        def initialize
+          @key_filters = KEY_FILTERS
+        end
+
+        def strip_from!(obj, key_filters = KEY_FILTERS)
+          return unless obj&.is_a?(Hash)
+
+          obj.each do |k, v|
+            if filter_key?(k)
+              next obj[k] = FILTERED
+            end
+
+            case v
+            when Hash
+              strip_from!(v)
+            when String
+              if filter_value?(v)
+                obj[k] = FILTERED
+              end
+            end
+          end
+        end
+
+        def filter_key?(key)
+          @key_filters.any? { |regex| regex.match(key) }
+        end
+
+        def filter_value?(value)
+          VALUE_FILTERS.any? { |regex| regex.match(value) }
+        end
+      end
+    end
+  end
+end

data/lib/atatus/transport/filters/secrets_filter.rb

@@ -1,73 +1,48 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
 # frozen_string_literal: true
 
+require 'atatus/transport/filters/hash_sanitizer'
+
 module Atatus
   module Transport
     module Filters
       # @api private
       class SecretsFilter
-        FILTERED = '[FILTERED]'
-
-        KEY_FILTERS = [
-          /passw(or)?d/i,
-          /auth/i,
-          /^pw$/,
-          /secret/i,
-          /token/i,
-          /api[-._]?key/i,
-          /session[-._]?id/i,
-          /(set[-_])?cookie/i
-        ].freeze
-
-        VALUE_FILTERS = [
-          # (probably) credit card number
-          /^\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}$/
-        ].freeze
-
         def initialize(config)
           @config = config
-          @key_filters = KEY_FILTERS + config.custom_key_filters
+          @sanitizer = HashSanitizer.new
+          @sanitizer.key_filters += config.custom_key_filters +
+                                     config.sanitize_field_names
         end
 
         def call(payload)
-          strip_from! payload.dig(:transaction, :context, :request, :headers)
-          strip_from! payload.dig(:transaction, :context, :request, :env)
-          strip_from! payload.dig(:transaction, :context, :request, :cookies)
-          strip_from! payload.dig(:transaction, :context, :response, :headers)
-          strip_from! payload.dig(:error, :context, :request, :headers)
-          strip_from! payload.dig(:error, :context, :response, :headers)
-          strip_from! payload.dig(:transaction, :context, :request, :body)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :headers)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :env)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :cookies)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :response, :headers)
+          @sanitizer.strip_from! payload.dig(:error, :context, :request, :headers)
+          @sanitizer.strip_from! payload.dig(:error, :context, :request, :cookies)
+          @sanitizer.strip_from! payload.dig(:error, :context, :response, :headers)
+          @sanitizer.strip_from! payload.dig(:transaction, :context, :request, :body)
 
           payload
         end
-
-        # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
-        def strip_from!(obj)
-          return unless obj && obj.is_a?(Hash)
-
-          obj.each do |k, v|
-            if filter_key?(k)
-              next obj[k] = FILTERED
-            end
-
-            case v
-            when Hash
-              strip_from!(v)
-            when String
-              if filter_value?(v)
-                obj[k] = FILTERED
-              end
-            end
-          end
-        end
-        # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity
-
-        def filter_key?(key)
-          @key_filters.any? { |regex| key.match regex }
-        end
-
-        def filter_value?(value)
-          VALUE_FILTERS.any? { |regex| value.match regex }
-        end
       end
     end
   end