fluent-plugin-anonymizer 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- data/fluent-plugin-anonymizer.gemspec +1 -1
- data/lib/fluent/plugin/out_anonymizer.rb +16 -6
- data/test/plugin/test_out_anonymizer.rb +30 -6
- metadata +27 -17
- checksums.yaml +0 -7
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "fluent-plugin-anonymizer"
|
7
|
-
spec.version = "0.
|
7
|
+
spec.version = "0.3.0"
|
8
8
|
spec.authors = ["Kentaro Yoshida"]
|
9
9
|
spec.email = ["y.ken.studio@gmail.com"]
|
10
10
|
spec.summary = %q{Fluentd filter output plugin to anonymize records with HMAC of MD5/SHA1/SHA256/SHA384/SHA512 algorithms. This data masking plugin protects privacy data such as UserID, Email, Phone number, IPv4/IPv6 address and so on.}
|
@@ -2,7 +2,7 @@ require 'fluent/mixin/rewrite_tag_name'
|
|
2
2
|
|
3
3
|
class Fluent::AnonymizerOutput < Fluent::Output
|
4
4
|
Fluent::Plugin.register_output('anonymizer', self)
|
5
|
-
|
5
|
+
|
6
6
|
# To support log_level option since Fluentd v0.10.43
|
7
7
|
unless method_defined?(:log)
|
8
8
|
define_method(:log) { $log }
|
@@ -32,7 +32,7 @@ class Fluent::AnonymizerOutput < Fluent::Output
|
|
32
32
|
require 'ipaddr'
|
33
33
|
super
|
34
34
|
end
|
35
|
-
|
35
|
+
|
36
36
|
def configure(conf)
|
37
37
|
super
|
38
38
|
|
@@ -41,7 +41,7 @@ class Fluent::AnonymizerOutput < Fluent::Output
|
|
41
41
|
hash_algorithm_name = key.sub('_keys','')
|
42
42
|
raise Fluent::ConfigError, "anonymizer: unsupported key #{hash_algorithm_name}" unless HASH_ALGORITHM.include?(hash_algorithm_name)
|
43
43
|
conf[key].gsub(' ', '').split(',').each do |record_key|
|
44
|
-
@hash_keys.store(record_key, hash_algorithm_name)
|
44
|
+
@hash_keys.store(record_key.split('.'), hash_algorithm_name)
|
45
45
|
end
|
46
46
|
end
|
47
47
|
|
@@ -58,8 +58,7 @@ class Fluent::AnonymizerOutput < Fluent::Output
|
|
58
58
|
def emit(tag, es, chain)
|
59
59
|
es.each do |time, record|
|
60
60
|
@hash_keys.each do |hash_key, hash_algorithm|
|
61
|
-
|
62
|
-
record[hash_key] = filter_anonymize_record(record[hash_key], hash_algorithm)
|
61
|
+
record = filter_anonymize_record(record, hash_key, hash_algorithm)
|
63
62
|
end
|
64
63
|
emit_tag = tag.dup
|
65
64
|
filter_record(emit_tag, time, record)
|
@@ -68,8 +67,18 @@ class Fluent::AnonymizerOutput < Fluent::Output
|
|
68
67
|
chain.next
|
69
68
|
end
|
70
69
|
|
70
|
+
def filter_anonymize_record(record, key, hash_algorithm)
|
71
|
+
if record.has_key?(key.first)
|
72
|
+
if key.size == 1
|
73
|
+
record[key.first] = filter_anonymize_value(record[key.first], hash_algorithm)
|
74
|
+
else
|
75
|
+
record[key.first] = filter_anonymize_record(record[key.first], key[1..-1], hash_algorithm)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
return record
|
79
|
+
end
|
71
80
|
|
72
|
-
def
|
81
|
+
def filter_anonymize_value(data, hash_algorithm)
|
73
82
|
begin
|
74
83
|
if data.is_a?(Array)
|
75
84
|
data = data.collect { |v| anonymize(v, hash_algorithm, @hash_salt) }
|
@@ -96,3 +105,4 @@ class Fluent::AnonymizerOutput < Fluent::Output
|
|
96
105
|
end
|
97
106
|
end
|
98
107
|
end
|
108
|
+
|
@@ -47,7 +47,6 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
47
47
|
end
|
48
48
|
emits = d1.emits
|
49
49
|
assert_equal 1, emits.length
|
50
|
-
p emits[0]
|
51
50
|
assert_equal 'anonymized.access', emits[0][0] # tag
|
52
51
|
assert_equal '10.102.3.0', emits[0][2]['host']
|
53
52
|
assert_equal 'e738cbde82a514dc60582cd467c240ed', emits[0][2]['data_for_md5']
|
@@ -77,7 +76,6 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
77
76
|
end
|
78
77
|
emits = d1.emits
|
79
78
|
assert_equal 1, emits.length
|
80
|
-
p emits[0]
|
81
79
|
assert_equal 'anonymized.access', emits[0][0] # tag
|
82
80
|
assert_equal '10.102.0.0', emits[0][2]['host']
|
83
81
|
assert_equal '10.102.0.0', emits[0][2]['host2']
|
@@ -87,6 +85,35 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
87
85
|
assert_equal 'signup', emits[0][2]['action']
|
88
86
|
end
|
89
87
|
|
88
|
+
def test_emit_nested_keys
|
89
|
+
d1 = create_driver(%[
|
90
|
+
sha1_keys nested.data,nested.nested.data
|
91
|
+
ipaddr_mask_keys hosts.host1
|
92
|
+
ipv4_mask_subnet 16
|
93
|
+
remove_tag_prefix input.
|
94
|
+
add_tag_prefix anonymized.
|
95
|
+
], 'input.access')
|
96
|
+
d1.run do
|
97
|
+
d1.emit({
|
98
|
+
'hosts' => {
|
99
|
+
'host1' => '10.102.3.80',
|
100
|
+
},
|
101
|
+
'nested' => {
|
102
|
+
'data' => '12345',
|
103
|
+
'nested' => {
|
104
|
+
'data' => '12345'
|
105
|
+
}
|
106
|
+
}
|
107
|
+
})
|
108
|
+
end
|
109
|
+
emits = d1.emits
|
110
|
+
assert_equal 1, emits.length
|
111
|
+
assert_equal 'anonymized.access', emits[0][0] # tag
|
112
|
+
assert_equal '10.102.0.0', emits[0][2]['hosts']['host1']
|
113
|
+
assert_equal '774472f0dc892f0b3299cae8dadacd0a74ba59d7', emits[0][2]['nested']['data']
|
114
|
+
assert_equal '774472f0dc892f0b3299cae8dadacd0a74ba59d7', emits[0][2]['nested']['nested']['data']
|
115
|
+
end
|
116
|
+
|
90
117
|
def test_emit_nest_value
|
91
118
|
d1 = create_driver(%[
|
92
119
|
sha1_keys array,hash
|
@@ -103,7 +130,6 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
103
130
|
end
|
104
131
|
emits = d1.emits
|
105
132
|
assert_equal 1, emits.length
|
106
|
-
p emits[0]
|
107
133
|
assert_equal 'anonymized.access', emits[0][0] # tag
|
108
134
|
assert_equal '10.102.3.0', emits[0][2]['host']
|
109
135
|
assert_equal ["c1628fc0d473cb21b15607c10bdcad19d1a42e24", "ea87abc249f9f2d430edb816514bffeffd3e698e"], emits[0][2]['array']
|
@@ -125,7 +151,6 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
125
151
|
end
|
126
152
|
emits = d1.emits
|
127
153
|
assert_equal 3, emits.length
|
128
|
-
p emits
|
129
154
|
assert_equal 'anonymized.access', emits[0][0] # tag
|
130
155
|
assert_equal '10.102.3.0', emits[0][2]['host']
|
131
156
|
assert_equal '::ffff:129.0.0.0', emits[1][2]['host']
|
@@ -144,7 +169,6 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
144
169
|
end
|
145
170
|
emits = d1.emits
|
146
171
|
assert_equal 1, emits.length
|
147
|
-
p emits[0]
|
148
172
|
assert_equal 'anonymized.message', emits[0][0] # tag
|
149
173
|
assert_equal '774472f0dc892f0b3299cae8dadacd0a74ba59d7', emits[0][2]['member_id']
|
150
174
|
end
|
@@ -162,8 +186,8 @@ class AnonymizerOutputTest < Test::Unit::TestCase
|
|
162
186
|
end
|
163
187
|
emits = d1.emits
|
164
188
|
assert_equal 1, emits.length
|
165
|
-
p emits[0]
|
166
189
|
assert_equal 'anonymized.access', emits[0][0] # tag
|
167
190
|
assert_equal '774472f0dc892f0b3299cae8dadacd0a74ba59d7', emits[0][2]['member_id']
|
168
191
|
end
|
169
192
|
end
|
193
|
+
|
metadata
CHANGED
@@ -1,69 +1,78 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-anonymizer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
|
+
prerelease:
|
5
6
|
platform: ruby
|
6
7
|
authors:
|
7
8
|
- Kentaro Yoshida
|
8
9
|
autorequire:
|
9
10
|
bindir: bin
|
10
11
|
cert_chain: []
|
11
|
-
date: 2014-
|
12
|
+
date: 2014-12-08 00:00:00.000000000 Z
|
12
13
|
dependencies:
|
13
14
|
- !ruby/object:Gem::Dependency
|
14
15
|
name: bundler
|
15
16
|
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
16
18
|
requirements:
|
17
|
-
- -
|
19
|
+
- - ! '>='
|
18
20
|
- !ruby/object:Gem::Version
|
19
21
|
version: '0'
|
20
22
|
type: :development
|
21
23
|
prerelease: false
|
22
24
|
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
23
26
|
requirements:
|
24
|
-
- -
|
27
|
+
- - ! '>='
|
25
28
|
- !ruby/object:Gem::Version
|
26
29
|
version: '0'
|
27
30
|
- !ruby/object:Gem::Dependency
|
28
31
|
name: rake
|
29
32
|
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
30
34
|
requirements:
|
31
|
-
- -
|
35
|
+
- - ! '>='
|
32
36
|
- !ruby/object:Gem::Version
|
33
37
|
version: '0'
|
34
38
|
type: :development
|
35
39
|
prerelease: false
|
36
40
|
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
37
42
|
requirements:
|
38
|
-
- -
|
43
|
+
- - ! '>='
|
39
44
|
- !ruby/object:Gem::Version
|
40
45
|
version: '0'
|
41
46
|
- !ruby/object:Gem::Dependency
|
42
47
|
name: fluentd
|
43
48
|
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
44
50
|
requirements:
|
45
|
-
- -
|
51
|
+
- - ! '>='
|
46
52
|
- !ruby/object:Gem::Version
|
47
53
|
version: '0'
|
48
54
|
type: :runtime
|
49
55
|
prerelease: false
|
50
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
51
58
|
requirements:
|
52
|
-
- -
|
59
|
+
- - ! '>='
|
53
60
|
- !ruby/object:Gem::Version
|
54
61
|
version: '0'
|
55
62
|
- !ruby/object:Gem::Dependency
|
56
63
|
name: fluent-mixin-rewrite-tag-name
|
57
64
|
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
58
66
|
requirements:
|
59
|
-
- -
|
67
|
+
- - ! '>='
|
60
68
|
- !ruby/object:Gem::Version
|
61
69
|
version: '0'
|
62
70
|
type: :runtime
|
63
71
|
prerelease: false
|
64
72
|
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
65
74
|
requirements:
|
66
|
-
- -
|
75
|
+
- - ! '>='
|
67
76
|
- !ruby/object:Gem::Version
|
68
77
|
version: '0'
|
69
78
|
description:
|
@@ -73,8 +82,8 @@ executables: []
|
|
73
82
|
extensions: []
|
74
83
|
extra_rdoc_files: []
|
75
84
|
files:
|
76
|
-
-
|
77
|
-
-
|
85
|
+
- .gitignore
|
86
|
+
- .travis.yml
|
78
87
|
- Gemfile
|
79
88
|
- LICENSE
|
80
89
|
- README.md
|
@@ -86,26 +95,27 @@ files:
|
|
86
95
|
homepage: https://github.com/y-ken/fluent-plugin-anonymizer
|
87
96
|
licenses:
|
88
97
|
- Apache License, Version 2.0
|
89
|
-
metadata: {}
|
90
98
|
post_install_message:
|
91
99
|
rdoc_options: []
|
92
100
|
require_paths:
|
93
101
|
- lib
|
94
102
|
required_ruby_version: !ruby/object:Gem::Requirement
|
103
|
+
none: false
|
95
104
|
requirements:
|
96
|
-
- -
|
105
|
+
- - ! '>='
|
97
106
|
- !ruby/object:Gem::Version
|
98
107
|
version: '0'
|
99
108
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
109
|
+
none: false
|
100
110
|
requirements:
|
101
|
-
- -
|
111
|
+
- - ! '>='
|
102
112
|
- !ruby/object:Gem::Version
|
103
113
|
version: '0'
|
104
114
|
requirements: []
|
105
115
|
rubyforge_project:
|
106
|
-
rubygems_version:
|
116
|
+
rubygems_version: 1.8.23
|
107
117
|
signing_key:
|
108
|
-
specification_version:
|
118
|
+
specification_version: 3
|
109
119
|
summary: Fluentd filter output plugin to anonymize records with HMAC of MD5/SHA1/SHA256/SHA384/SHA512
|
110
120
|
algorithms. This data masking plugin protects privacy data such as UserID, Email,
|
111
121
|
Phone number, IPv4/IPv6 address and so on.
|
checksums.yaml
DELETED
@@ -1,7 +0,0 @@
|
|
1
|
-
---
|
2
|
-
SHA1:
|
3
|
-
metadata.gz: 45564782ff7fbdd7681ead462d17b18801158616
|
4
|
-
data.tar.gz: bec14d50db16b39fa28a9a9faa5c408606f31db6
|
5
|
-
SHA512:
|
6
|
-
metadata.gz: e4a058101e442e58acfabfd0b372cb48bf60b4e9110041daa26b86e39a24a33cc43592156218f6f850b8a488900bef4c41d932dfcef9c496e1af8d56a71f7eb3
|
7
|
-
data.tar.gz: 24eff682117a35d166d9da9738203d794e8a8646479c8314389b870e624127a9a71836ed2ca5f174b5d5db402e0ebd5b8fd09e062c0230ff58fdaf8dd3054d45
|