fluent-plugin-geoip 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a88a41e91e927825689d485148e6d1369532f01f2bc3395d76204c98f02366f
-  data.tar.gz: 984c8db424d319565862de808844432366f38d00b2cd1c6b617d4ead0d77af8f
+  metadata.gz: eab0d5c4f07207bfeba15ba4c11ba6b9d4acc8538235e6b2820e7207817803cb
+  data.tar.gz: 549a11f6f954945e37301b0cc010d8272193768a81e198f474552327e0d304ec
 SHA512:
-  metadata.gz: 0f48ad83f7b2ed7d47bd7822042e546cd1f0b6503d71c3175c07ccdc84fbfa21fdafc960187a40b5cd39d85636e256b09ba69ff69972ef5806bf3aa746d6ef82
-  data.tar.gz: 1ee9ce806e3bf90c1fac1657bc09ad1abfac5033ce6ac1f79b78fe6d374caab45b2fcb3eb3812ccae34124da2e861bd9e65f19dbac4574ae4d3db637bff3e567
+  metadata.gz: 7380799ed242d60ee4281870b8c2b23261428f02b5d4aa1b2908039219659fa8730b596b4713f09da6ea3c63d96e7795f7420ce0c62142f29e4542c13eb32706
+  data.tar.gz: 737f87472b5d5e145294067be686b51b984433d9d360265fef59da0afa93a21d77a12db4612af0b4d3183c4439b33eebcf47e1ab5fd98a23f8e7701152adee30

data/README.md

@@ -1,6 +1,6 @@
 # fluent-plugin-geoip [![Build Status](https://travis-ci.org/y-ken/fluent-plugin-geoip.png?branch=master)](https://travis-ci.org/y-ken/fluent-plugin-geoip)
 
-Fluentd Filter/Output plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases.
+Fluentd Filter plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases.
 
 fluent-plugin-geoip has bundled cost-free [GeoLite2 Free Downloadable Databases](https://dev.maxmind.com/geoip/geoip2/geolite2/) and [GeoLite City database](http://dev.maxmind.com/geoip/legacy/geolite/) by default.<br />
 Also you can use purchased [GeoIP City database](http://www.maxmind.com/en/city) ([lang:ja](http://www.maxmind.com/ja/city)) which costs starting from $50.
@@ -21,56 +21,7 @@ If you want to use this plugin with Fluentd v0.12.x or earlier use 0.8.x.
 
 ### Compatibility notice
 
-We've used Fluentd v1 API in this plugin since 1.0.0.
-So we have dropped some features from GeoipOutput.
-
-See also [official document](http://docs.fluentd.org/v1.0/articles/plugin-update-from-v12)
-
-#### Fluent::Mixin::RewriteTagName
-
-* `${tag}`, `__TAG__`
-
-    Alternative: Use `${tag}` placeholder
-
-* `${tag_parts[n]}`, `__TAG_PARTS[n]__`
-
-    Alternative: Use `${tag[n]}` placeholder
-
-* `${hostname}`, `__HOSTNAME__`
-
-    Alternative1: Use filter before this plugin and chunk keys:
-    ```
-    <filter>
-      @type record_transformer
-      <record>
-        hostname ${hostname}
-      </record>
-    </filter>
-    <match **>
-      @type geoip
-      tag geoip.${tag[1]}.${hostname}
-      <record>
-        city ${city["host"]}
-      </record>
-      <buffer tag, hostname>
-        flush_interval 1s
-      </buffer>
-    </match>
-    ```
-
-    Alternative2: Just inject hostname into record you can use `<inject>` section instead:
-    ```
-    <match **>
-      @type geoip
-      tag geoip.${tag[1]}.${hostname}
-      <record>
-        city ${city["host"]}
-      </record>
-      <inject>
-        hostname_key hostname
-      </inject>
-    </match>
-    ```
+We've removed GeoipOutput since 1.3.0, because GeoipFilter is enough to add information about geographical location of IP addresse.
 
 ## Dependency
 
@@ -90,6 +41,8 @@ $ brew install geoip
 $ bundle config build.geoip-c --with-geoip-dir=/usr/local/include/
 ```
 
+See [geoip2_c](https://github.com/okkez/geoip2_c#build-requirements), if you failed to install geoip2_c.
+
 ## Installation
 
 install with `gem` or td-agent provided command as:
@@ -116,7 +69,6 @@ Note that filter version of geoip plugin does not have handling tag feature.
   @type geoip
 
   # Specify one or more geoip lookup field which has ip address (default: host)
-  # in the case of accessing nested value, delimit keys by dot like 'host.ip'.
   geoip_lookup_keys host
 
   # Specify optional geoip database (using bundled GeoLiteCity databse by default)
@@ -157,6 +109,92 @@ Note that filter version of geoip plugin does not have handling tag feature.
 </filter>
 ```
 
+#### Tips: Modify records without city information
+
+```
+<filter access.apache>
+  @type geoip
+  geoip_lookup_keys remote_addr
+  <record>
+    city         ${city.names.en["remote_addr"]}     # skip adding fields if this field is null
+    latitude     ${location.latitude["remote_addr"]}
+    longitude    ${location.longitude["remote_addr"]}
+    country      ${country.iso_code["remote_addr"]}
+    country_name ${country.names.en["remote_addr"]}
+    postal_code  ${postal.code["remote_addr"]}
+  </record>
+  skip_adding_null_record true
+</filter>
+```
+
+Skip adding fields if incoming `remote_addr`'s GeoIP data is like following:
+
+```ruby
+# the record does not have "city" field
+{"continent"=>
+  {"code"=>"NA",
+   "geoname_id"=>6255149,
+   "names"=>
+    {"de"=>"Nordamerika",
+     "en"=>"North America",
+     "es"=>"Norteamérica",
+     "fr"=>"Amérique du Nord",
+     "ja"=>"北アメリカ",
+     "pt-BR"=>"América do Norte",
+     "ru"=>"Северная Америка",
+     "zh-CN"=>"北美洲"}},
+ "country"=>
+  {"geoname_id"=>6252001,
+   "iso_code"=>"US",
+   "names"=>
+    {"de"=>"USA",
+     "en"=>"United States",
+     "es"=>"Estados Unidos",
+     "fr"=>"États-Unis",
+     "ja"=>"アメリカ合衆国",
+     "pt-BR"=>"Estados Unidos",
+     "ru"=>"США",
+     "zh-CN"=>"美国"}},
+ "location"=>
+  {"accuracy_radius"=>1000, "latitude"=>37.751, "longitude"=>-97.822},
+ "registered_country"=>
+  {"geoname_id"=>6252001,
+   "iso_code"=>"US",
+   "names"=>
+    {"de"=>"USA",
+     "en"=>"United States",
+     "es"=>"Estados Unidos",
+     "fr"=>"États-Unis",
+     "ja"=>"アメリカ合衆国",
+     "pt-BR"=>"Estados Unidos",
+     "ru"=>"США",
+     "zh-CN"=>"美国"}}}
+```
+
+We can avoid this behavior changing field order in `<record>` like following:
+
+```
+<filter access.apache>
+  @type geoip
+  geoip_lookup_keys remote_addr
+  <record>
+    latitude     ${location.latitude["remote_addr"]} # this field must not be null
+    longitude    ${location.longitude["remote_addr"]}
+    country      ${country.iso_code["remote_addr"]}
+    country_name ${country.names.en["remote_addr"]}
+    postal_code  ${postal.code["remote_addr"]}
+    city         ${city.names.en["remote_addr"]}     # adding fields even if this field is null
+  </record>
+  skip_adding_null_record true
+</filter>
+```
+
+#### Tips: nested attributes for geoip_lookup_keys
+
+See [Record Accessor Plugin](https://docs.fluentd.org/v1.0/articles/api-plugin-helper-record_accessor#syntax)
+
+**NOTE** Since v1.3.0 does not interpret `host.ip` as nested attribute.
+
 #### Advanced config samples
 
 It is a sample to get friendly geo point recdords for elasticsearch with Yajl (JSON) parser.<br />
@@ -199,51 +237,6 @@ On the case of using td-agent3 (v1-config), it have to quote `{ ... }` or `[ ...
 </filter>
 ```
 
-### For GeoipOutput
-
-```xml
-<match access.apache>
-  @type geoip
-
-  # Specify one or more geoip lookup field which has ip address (default: host)
-  # in the case of accessing nested value, delimit keys by dot like 'host.ip'.
-  geoip_lookup_keys host
-
-  # Specify optional geoip database (using bundled GeoLiteCity databse by default)
-  geoip_database    "/path/to/your/GeoIPCity.dat"
-  # Specify optional geoip2 database
-  # geoip2_database   "/path/to/your/GeoLite2-City.mmdb"
-  # Specify backend library (geoip, geoip2_compat, geoip2_c)
-  backend_library geoip
-
-  # Set adding field with placeholder (more than one settings are required.)
-  <record>
-    latitude        ${location.latitude["host"]}
-    longitude       ${location.longitude["host"]}
-    country         ${country.iso_code["host"]}
-    country_name    ${country.names.en["host"]}
-    postal_code     ${postal.code["host"]}
-    region          ${subdivisions.0.iso_code["host"]}
-    region_name     ${subdivisions.0.names.en["host"]}
-    city            ${city.names.en["host"]}
-  </record>
-
-  # Settings for tag
-  tag               geoip.${tag[1]}
-
-  # To avoid get stacktrace error with `[null, null]` array for elasticsearch.
-  skip_adding_null_record  true
-
-  # Set @log_level (default: warn)
-  @log_level         info
-
-  <buffer tag>
-    # Set buffering time (default: 0s)
-    flush_interval    1s
-  </buffer>
-</match>
-```
-
 ## Tutorial
 
 ### For GeoipFilter
@@ -255,7 +248,6 @@ On the case of using td-agent3 (v1-config), it have to quote `{ ... }` or `[ ...
   @type forward
 </source>
 
-
 <filter test.geoip>
   @type    geoip
   geoip_lookup_keys  host
@@ -290,57 +282,6 @@ $ bundle exec ruby urils/dump.rb geoip2_compat 66.102.3.80
 $ bundle exec ruby urils/dump.rb geoip 66.102.3.80
 ```
 
-### For GeoipOutput
-
-#### configuration
-
-```xml
-<source>
-  @type forward
-</source>
-
-<match test.geoip>
-  @type copy
-  <store>
-    @type stdout
-  </store>
-  <store>
-    @type    geoip
-    geoip_lookup_keys  host
-    <record>
-      lat     ${location.latitude["host"]}
-      lon     ${location.longitude["host"]}
-      country ${country.iso_code["host"]}
-    </record>
-    tag     debug.${tag[1]}
-  </store>
-</match>
-
-<match debug.**>
-  @type stdout
-</match>
-```
-
-#### result
-
-```bash
-# forward record with Google's ip address.
-$ echo '{"host":"66.102.9.80","message":"test"}' | fluent-cat test.geoip
-
-# check the result at stdout
-$ tail /var/log/td-agent/td-agent.log
-2013-08-04 16:21:32 +0900 test.geoip: {"host":"66.102.9.80","message":"test"}
-2013-08-04 16:21:32 +0900 debug.geoip: {"host":"66.102.9.80","message":"test","lat":37.4192008972168,"lon":-122.05740356445312,"country":"US"}
-```
-
-You can check geoip data format using [utils/dump.rb](https://github.com/okkez/fluent-plugin-geoip/utils/dump.rb).
-
-```
-$ bundle exec ruby urils/dump.rb geoip2 66.102.3.80
-$ bundle exec ruby urils/dump.rb geoip2_compat 66.102.3.80
-$ bundle exec ruby urils/dump.rb geoip 66.102.3.80
-```
-
 ## Placeholders
 
 ### GeoIP2
@@ -465,68 +406,6 @@ On the case of getting nothing of GeoIP info (such as local IP), it will output
 
 Set backend library.
 
-### GeoipOutput
-
-#### Plugin helpers
-
-* [event_emitter](https://docs.fluentd.org/v1.0/articles/api-plugin-helper-event_emitter)
-* [compat_parameters](https://docs.fluentd.org/v1.0/articles/api-plugin-helper-compat_parameters)
-* [inject](https://docs.fluentd.org/v1.0/articles/api-plugin-helper-inject)
-
-See also [Output Plugin Overview](https://docs.fluentd.org/v1.0/articles/output-plugin-overview)
-
-#### Sections
-
-* [Inject section configurations](https://docs.fluentd.org/v1.0/articles/inject-section)
-* [Buffer section configurations](https://docs.fluentd.org/v1.0/articles/buffer-section)
-
-#### Parameters
-
-[Plugin Common Paramteters](https://docs.fluentd.org/v1.0/articles/plugin-common-parameters)
-
-**geoip_database** (string) (optional)
-
-* Default value: bundled database `GeoLiteCity.dat`
-
-Path to GeoIP database file.
-
-**geoip2_database** (string) (optional)
-
-* Default value: bundled database `GeoLite2-City.mmdb`.
-
-Path to GeoIP2 database file.
-
-**geoip_lookup_keys** (array) (optional)
-
-* Default value: `["host"]`
-
-Specify one or more geoip lookup field which has IP address.
-
-**geoip_lookup_key** (string) (optional) (deprecated)
-
-* Default value: `nil`.
-
-Use geoip_lookup_keys instead.
-
-**skip_adding_null_record** (bool) (optional)
-
-* Default value: `nil`
-
-Skip adding geoip fields when this valaues to `true`.
-On the case of getting nothing of GeoIP info (such as local IP), it will output the original record without changing anything.
-
-**backend_library** (enum) (optional)
-
-* Available values: `geoip`, `geoip2_compat`, `geoip2_c`
-* Default value: `geoip2_c`.
-
-Set backend library.
-
-**tag** (string) (optional)
-
-On using this option with tag placeholder like `tag geoip.${tag}` (test code is available at [test_out_geoip.rb](https://github.com/y-ken/fluent-plugin-geoip/blob/master/test/plugin/test_out_geoip.rb)).
-
-
 ## Articles
 
 * [IPアドレスを元に位置情報をリアルタイムに付与する fluent-plugin-geoip v0.0.1をリリースしました #fluentd - Y-Ken Studio](http://y-ken.hatenablog.com/entry/fluent-plugin-geoip-has-released)<br />

data/fluent-plugin-geoip.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-geoip"
-  spec.version       = "1.2.0"
+  spec.version       = "1.3.0"
   spec.authors       = ["Kentaro Yoshida"]
   spec.email         = ["y.ken.studio@gmail.com"]
   spec.summary       = %q{Fluentd Filter plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases.}
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake"
   spec.add_development_dependency "appraisal"
   spec.add_development_dependency "test-unit", ">= 3.1.0"
+  spec.add_development_dependency "test-unit-rr"
   spec.add_development_dependency "geoip2_compat"
 
   spec.add_runtime_dependency "fluentd", [">= 0.14.8", "< 2"]

data/lib/fluent/plugin/filter_geoip.rb

@@ -1,11 +1,37 @@
 require 'fluent/plugin/filter'
-require 'fluent/plugin/geoip'
+
+require 'geoip'
+require 'yajl'
+unless {}.respond_to?(:dig)
+  begin
+    # backport_dig is faster than dig_rb so prefer backport_dig.
+    # And Fluentd v1.0.1 uses backport_dig
+    require 'backport_dig'
+  rescue LoadError
+    require 'dig_rb'
+  end
+end
 
 module Fluent::Plugin
   class GeoipFilter < Fluent::Plugin::Filter
     Fluent::Plugin.register_filter('geoip', self)
 
-    helpers :compat_parameters, :inject
+    BACKEND_LIBRARIES = [:geoip, :geoip2_compat, :geoip2_c]
+
+    REGEXP_PLACEHOLDER_SINGLE = /^\$\{
+                                  (?<geoip_key>-?[^\[\]]+)
+                                    \[
+                                      (?:(?<dq>")|(?<sq>'))
+                                        (?<record_key>-?(?(<dq>)[^"{}]+|[^'{}]+))
+                                      (?(<dq>)"|')
+                                    \]
+                                  \}$/x
+    REGEXP_PLACEHOLDER_SCAN = /['"]?(\$\{[^\}]+?\})['"]?/
+
+    GEOIP_KEYS = %w(city latitude longitude country_code3 country_code country_name dma_code area_code region)
+    GEOIP2_COMPAT_KEYS = %w(city country_code country_name latitude longitude postal_code region region_name)
+
+    helpers :compat_parameters, :inject, :record_accessor
 
     config_param :geoip_database, :string, default: File.expand_path('../../../data/GeoLiteCity.dat', __dir__)
     config_param :geoip2_database, :string, default: File.expand_path('../../../data/GeoLite2-City.mmdb', __dir__)
@@ -15,16 +41,69 @@ module Fluent::Plugin
 
     config_set_default :@log_level, "warn"
 
-    config_param :backend_library, :enum, list: Fluent::GeoIP::BACKEND_LIBRARIES, default: :geoip2_c
+    config_param :backend_library, :enum, list: BACKEND_LIBRARIES, default: :geoip2_c
 
     def configure(conf)
       compat_parameters_convert(conf, :inject)
       super
-      @geoip = Fluent::GeoIP.new(self, conf)
+
+      @map = {}
+      if @geoip_lookup_key
+        @geoip_lookup_keys = @geoip_lookup_key.split(/\s*,\s*/)
+      end
+
+      @geoip_lookup_keys.each do |key|
+        if key.include?(".") && !key.start_with?("$")
+          $log.warn("#{key} is not treated as nested attributes")
+        end
+      end
+      @geoip_lookup_accessors = @geoip_lookup_keys.map {|key| [key, record_accessor_create(key)] }.to_h
+
+      if conf.keys.any? {|k| k =~ /^enable_key_/ }
+        raise Fluent::ConfigError, "geoip: 'enable_key_*' config format is obsoleted. use <record></record> directive instead."
+      end
+
+      # <record></record> directive
+      conf.elements.select { |element| element.name == 'record' }.each { |element|
+        element.each_pair { |k, v|
+          element.has_key?(k) # to suppress unread configuration warning
+          v = v[1..v.size-2] if quoted_value?(v)
+          @map[k] = v
+          validate_json = Proc.new {
+            begin
+              dummy_text = Yajl::Encoder.encode('dummy_text')
+              Yajl::Parser.parse(v.gsub(REGEXP_PLACEHOLDER_SCAN, dummy_text))
+            rescue Yajl::ParseError => e
+              message = "geoip: failed to parse '#{v}' as json."
+              log.error message, error: e
+              raise Fluent::ConfigError, message
+            end
+          }
+          validate_json.call if json?(v.tr('\'"\\', ''))
+        }
+      }
+
+      @placeholder_keys = @map.values.join.scan(REGEXP_PLACEHOLDER_SCAN).map{|placeholder| placeholder[0] }.uniq
+      @placeholder_keys.each do |key|
+        m = key.match(REGEXP_PLACEHOLDER_SINGLE)
+        geoip_key = m[:geoip_key]
+        case @backend_library
+        when :geoip
+          raise Fluent::ConfigError, "#{@backend_library}: unsupported key #{geoip_key}" unless GEOIP_KEYS.include?(geoip_key)
+        when :geoip2_compat
+          raise Fluent::ConfigError, "#{@backend_library}: unsupported key #{geoip_key}" unless GEOIP2_COMPAT_KEYS.include?(geoip_key)
+        when :geoip2_c
+          # Nothing to do.
+          # We cannot define supported key(s) before we fetch values from GeoIP2 database
+          # because geoip2_c can fetch any fields in GeoIP2 database.
+        end
+      end
+
+      @geoip = load_database
     end
 
     def filter(tag, time, record)
-      filtered_record = @geoip.add_geoip_field(record)
+      filtered_record = add_geoip_field(record)
       if filtered_record
         record = filtered_record
       end
@@ -35,5 +114,101 @@ module Fluent::Plugin
     def multi_workers_ready?
       true
     end
+
+    private
+
+    def add_geoip_field(record)
+      placeholder = create_placeholder(geolocate(get_address(record)))
+      return record if @skip_adding_null_record && placeholder.values.first.nil?
+      @map.each do |record_key, value|
+        if value.match(REGEXP_PLACEHOLDER_SINGLE) #|| value.match(REGEXP_PLACEHOLDER_BRACKET_SINGLE)
+          rewrited = placeholder[value]
+        elsif json?(value)
+          rewrited = value.gsub(REGEXP_PLACEHOLDER_SCAN) {|match|
+            match = match[1..match.size-2] if quoted_value?(match)
+            Yajl::Encoder.encode(placeholder[match])
+          }
+          rewrited = parse_json(rewrited)
+        else
+          rewrited = value.gsub(REGEXP_PLACEHOLDER_SCAN, placeholder)
+        end
+        record[record_key] = rewrited
+      end
+      record
+    end
+
+    def json?(text)
+      text.match(/^\[.+\]$/) || text.match(/^\{.+\}$/)
+    end
+
+    def quoted_value?(text)
+      # to improbe compatibility with fluentd v1-config
+      text.match(/(^'.+'$|^".+"$)/)
+    end
+
+    def parse_json(message)
+      begin
+        return Yajl::Parser.parse(message)
+      rescue Yajl::ParseError => e
+        log.info "geoip: failed to parse '#{message}' as json.", error_class: e.class, error: e.message
+        return nil
+      end
+    end
+
+    def get_address(record)
+      address = {}
+      @geoip_lookup_accessors.each do |field, accessor|
+        address[field] = accessor.call(record)
+      end
+      address
+    end
+
+    def geolocate(addresses)
+      geodata = {}
+      addresses.each do |field, ip|
+        geo = nil
+        if ip
+          geo = if @geoip.respond_to?(:look_up)
+                  @geoip.look_up(ip)
+                else
+                  @geoip.lookup(ip)
+                end
+        end
+        geodata[field] = geo
+      end
+      geodata
+    end
+
+    def create_placeholder(geodata)
+      placeholder = {}
+      @placeholder_keys.each do |placeholder_key|
+        position = placeholder_key.match(REGEXP_PLACEHOLDER_SINGLE)
+        next if position.nil? or geodata[position[:record_key]].nil?
+        keys = [position[:record_key]] + position[:geoip_key].split('.').map(&:to_sym)
+        value = geodata.dig(*keys)
+        value = if [:latitude, :longitude].include?(keys.last)
+                  value || 0.0
+                else
+                  value
+                end
+        placeholder[placeholder_key] = value
+      end
+      placeholder
+    end
+
+    def load_database
+      case @backend_library
+      when :geoip
+        ::GeoIP::City.new(@geoip_database, :memory, false)
+      when :geoip2_compat
+        require 'geoip2_compat'
+        GeoIP2Compat.new(@geoip2_database)
+      when :geoip2_c
+        require 'geoip2'
+        GeoIP2::Database.new(@geoip2_database)
+      end
+    rescue LoadError
+      raise Fluent::ConfigError, "You must install #{@backend_library} gem."
+    end
   end
 end