RubyGems - fluent-plugin-kusto - Versions diffs - 0.0.1.beta → 0.0.3.beta - Mend

fluent-plugin-kusto 0.0.1.beta → 0.0.3.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/Gemfile +1 -1
data/README.md +260 -57
data/lib/fluent/plugin/auth/aad_tokenprovider.rb +2 -3
data/lib/fluent/plugin/auth/mi_tokenprovider.rb +8 -7
data/lib/fluent/plugin/auth/tokenprovider_base.rb +259 -10
data/lib/fluent/plugin/auth/wif_tokenprovider.rb +22 -3
data/lib/fluent/plugin/client.rb +82 -1
data/lib/fluent/plugin/conffile.rb +1 -1
data/lib/fluent/plugin/ingester.rb +27 -11
data/lib/fluent/plugin/kusto_constants.rb +57 -0
data/lib/fluent/plugin/kusto_query.rb +8 -1
data/lib/fluent/plugin/kusto_version.rb +9 -0
data/lib/fluent/plugin/out_kusto.rb +5 -3
data/test/plugin/test_e2e_kusto.rb +459 -119
data/test/plugin/test_mi_tokenprovider.rb +165 -0
data/test/plugin/test_wif_tokenprovider.rb +145 -0
metadata +38 -15

data/test/plugin/test_mi_tokenprovider.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+require 'test/unit'
+require 'mocha/test_unit'
+require_relative '../../lib/fluent/plugin/auth/mi_tokenprovider'
+class DummyConfigForMI
+  attr_reader :kusto_endpoint, :managed_identity_client_id
+  def initialize(kusto_endpoint, managed_identity_client_id = nil)
+    @kusto_endpoint = kusto_endpoint
+    @managed_identity_client_id = managed_identity_client_id
+  end
+  def logger
+    require 'logger'
+    Logger.new($stdout)
+  end
+end
+class ManagedIdentityTokenProviderTest < Test::Unit::TestCase
+  def setup
+    @resource = 'https://kusto.kusto.windows.net'
+    @client_id = '074c3c54-29e2-4230-a81f-333868b8d6ca'
+  end
+  def test_initialize_with_user_managed_identity
+    config = DummyConfigForMI.new(@resource, @client_id)
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Verify instance variables are set correctly
+    assert_equal @resource, provider.instance_variable_get(:@resource)
+    assert_equal @client_id, provider.instance_variable_get(:@managed_identity_client_id)
+    assert_equal false, provider.instance_variable_get(:@use_system_assigned)
+    assert_equal true, provider.instance_variable_get(:@use_user_assigned)
+    assert_not_nil provider.instance_variable_get(:@token_acquire_url)
+  end
+  def test_initialize_with_system_managed_identity
+    config = DummyConfigForMI.new(@resource, 'SYSTEM')
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Verify instance variables are set correctly for system managed identity
+    assert_equal @resource, provider.instance_variable_get(:@resource)
+    assert_equal 'SYSTEM', provider.instance_variable_get(:@managed_identity_client_id)
+    assert_equal true, provider.instance_variable_get(:@use_system_assigned)
+    assert_equal false, provider.instance_variable_get(:@use_user_assigned)
+    assert_not_nil provider.instance_variable_get(:@token_acquire_url)
+  end
+  def test_initialize_with_empty_client_id
+    config = DummyConfigForMI.new(@resource, '')
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Verify instance variables are set correctly for empty client_id
+    assert_equal @resource, provider.instance_variable_get(:@resource)
+    assert_equal '', provider.instance_variable_get(:@managed_identity_client_id)
+    assert_equal false, provider.instance_variable_get(:@use_system_assigned)
+    assert_equal false, provider.instance_variable_get(:@use_user_assigned)
+  end
+  def test_token_acquire_url_formation_user_managed_identity
+    config = DummyConfigForMI.new(@resource, @client_id)
+    provider = ManagedIdentityTokenProvider.new(config)
+    token_url = provider.instance_variable_get(:@token_acquire_url)
+    expected_base = 'http://169.254.169.254/metadata/identity/oauth2/token'
+    assert token_url.include?(expected_base), "Token URL should contain base IMDS endpoint"
+    assert token_url.include?('resource=https%3A%2F%2Fkusto.kusto.windows.net'), "Token URL should contain encoded resource"
+    assert token_url.include?('api-version=2018-02-01'), "Token URL should contain API version"
+    assert token_url.include?("client_id=#{@client_id}"), "Token URL should contain client_id for user managed identity"
+  end
+  def test_token_acquire_url_formation_system_managed_identity
+    config = DummyConfigForMI.new(@resource, 'SYSTEM')
+    provider = ManagedIdentityTokenProvider.new(config)
+    token_url = provider.instance_variable_get(:@token_acquire_url)
+    expected_base = 'http://169.254.169.254/metadata/identity/oauth2/token'
+    assert token_url.include?(expected_base), "Token URL should contain base IMDS endpoint"
+    assert token_url.include?('resource=https%3A%2F%2Fkusto.kusto.windows.net'), "Token URL should contain encoded resource"
+    assert token_url.include?('api-version=2018-02-01'), "Token URL should contain API version"
+    assert !token_url.include?('client_id='), "Token URL should NOT contain client_id for system managed identity"
+  end
+  def test_fetch_token_success
+    config = DummyConfigForMI.new(@resource, @client_id)
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Mock successful HTTP response
+    mock_response = {
+      'access_token' => 'fake-access-token',
+      'expires_in' => 3600
+    }
+    provider.stubs(:post_token_request).returns(mock_response)
+    result = provider.send(:fetch_token)
+    assert_equal 'fake-access-token', result[:access_token]
+    assert_equal 3600, result[:expires_in]
+  end
+  def test_post_token_request_retries_on_failure
+    config = DummyConfigForMI.new(@resource, @client_id)
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Mock HTTP failure followed by success
+    mock_http = mock
+    mock_response_fail = mock
+    mock_response_fail.stubs(:code).returns(500)
+    mock_response_fail.stubs(:body).returns('Internal Server Error')
+    mock_response_success = mock
+    mock_response_success.stubs(:code).returns(200)
+    mock_response_success.stubs(:body).returns('{"access_token":"fake-token","expires_in":3600}')
+    mock_request = mock
+    Net::HTTP::Get.stubs(:new).returns(mock_request)
+    # Mock the HTTP client setup from create_http_client method
+    mock_http.stubs(:use_ssl=)
+    mock_http.stubs(:open_timeout=)
+    mock_http.stubs(:read_timeout=)
+    mock_http.stubs(:write_timeout=)
+    mock_http.expects(:request).twice.returns(mock_response_fail, mock_response_success)
+    Net::HTTP.stubs(:new).returns(mock_http)
+    # Stub sleep to speed up test
+    provider.stubs(:sleep)
+    result = provider.send(:post_token_request)
+    assert_equal 'fake-token', result['access_token']
+  end
+  def test_post_token_request_raises_after_max_retries
+    config = DummyConfigForMI.new(@resource, @client_id)
+    provider = ManagedIdentityTokenProvider.new(config)
+    # Mock HTTP failure for all attempts
+    mock_http = mock
+    mock_response_fail = mock
+    mock_response_fail.stubs(:code).returns(500)
+    mock_response_fail.stubs(:body).returns('Internal Server Error')
+    mock_request = mock
+    Net::HTTP::Get.stubs(:new).returns(mock_request)
+    # Mock the HTTP client setup from create_http_client method
+    mock_http.stubs(:use_ssl=)
+    mock_http.stubs(:open_timeout=)
+    mock_http.stubs(:read_timeout=)
+    mock_http.stubs(:write_timeout=)
+    mock_http.stubs(:request).returns(mock_response_fail)
+    Net::HTTP.stubs(:new).returns(mock_http)
+    # Stub sleep to speed up test
+    provider.stubs(:sleep)
+    assert_raise(RuntimeError, 'Failed to get managed identity token after 2 attempts.') do
+      provider.send(:post_token_request)
+    end
+  end
+end

data/test/plugin/test_wif_tokenprovider.rb ADDED Viewed

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+require 'test/unit'
+require 'mocha/test_unit'
+require_relative '../../lib/fluent/plugin/auth/wif_tokenprovider'
+class DummyConfigForWIF
+  attr_reader :kusto_endpoint, :workload_identity_client_id, :workload_identity_tenant_id, :workload_identity_token_file_path
+  def initialize(kusto_endpoint, client_id, tenant_id, token_file_path = nil)
+    @kusto_endpoint = kusto_endpoint
+    @workload_identity_client_id = client_id
+    @workload_identity_tenant_id = tenant_id
+    @workload_identity_token_file_path = token_file_path
+  end
+  def logger
+    require 'logger'
+    Logger.new($stdout)
+  end
+end
+class WorkloadIdentityTest < Test::Unit::TestCase
+  def setup
+    @resource = 'https://kusto.kusto.windows.net'
+    @client_id = '074c3c54-29e2-4230-a81f-333868b8d6ca'
+    @tenant_id = '12345678-1234-1234-1234-123456789abc'
+    @token_file = '/tmp/test-token'
+  end
+  def test_initialize_with_custom_token_file
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, @token_file)
+    provider = WorkloadIdentity.new(config)
+    # Verify instance variables are set correctly
+    assert_equal @resource, provider.instance_variable_get(:@kusto_endpoint)
+    assert_equal @client_id, provider.instance_variable_get(:@client_id)
+    assert_equal @tenant_id, provider.instance_variable_get(:@tenant_id)
+    assert_equal @token_file, provider.instance_variable_get(:@token_file)
+    assert_equal "#{@resource}/.default", provider.instance_variable_get(:@scope)
+  end
+  def test_initialize_with_default_token_file
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, nil)
+    provider = WorkloadIdentity.new(config)
+    # Verify default token file is used
+    expected_default = '/var/run/secrets/azure/tokens/azure-identity-token'
+    assert_equal expected_default, provider.instance_variable_get(:@token_file)
+  end
+  def test_fetch_token_success
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, @token_file)
+    provider = WorkloadIdentity.new(config)
+    # Mock successful token acquisition
+    mock_response = {
+      'access_token' => 'wif-access-token',
+      'expires_in' => 7200
+    }
+    provider.stubs(:acquire_workload_identity_token).returns(mock_response)
+    result = provider.send(:fetch_token)
+    assert_equal 'wif-access-token', result[:access_token]
+    assert_equal 7200, result[:expires_in]
+  end
+  def test_acquire_workload_identity_token_success
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, @token_file)
+    provider = WorkloadIdentity.new(config)
+    # Mock file read and HTTP request
+    File.stubs(:read).with(@token_file).returns('fake-oidc-token')
+    mock_response = mock
+    mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
+    mock_response.stubs(:body).returns('{"access_token":"wif-token","expires_in":7200}')
+    mock_http = mock
+    mock_http.expects(:use_ssl=).with(true)
+    mock_http.expects(:open_timeout=).with(10)
+    mock_http.expects(:read_timeout=).with(30)
+    mock_http.expects(:write_timeout=).with(10)
+    mock_http.expects(:request).returns(mock_response)
+    Net::HTTP.stubs(:new).returns(mock_http)
+    result = provider.send(:acquire_workload_identity_token)
+    assert_equal 'wif-token', result['access_token']
+    assert_equal 7200, result['expires_in']
+  end
+  def test_acquire_workload_identity_token_failure
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, @token_file)
+    provider = WorkloadIdentity.new(config)
+    # Mock file read and HTTP request failure
+    File.stubs(:read).with(@token_file).returns('fake-oidc-token')
+    mock_response = mock
+    mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(false)
+    mock_response.stubs(:code).returns(400)
+    mock_response.stubs(:body).returns('Bad Request')
+    mock_http = mock
+    mock_http.expects(:use_ssl=).with(true)
+    mock_http.expects(:open_timeout=).with(10)
+    mock_http.expects(:read_timeout=).with(30)
+    mock_http.expects(:write_timeout=).with(10)
+    mock_http.expects(:request).returns(mock_response)
+    Net::HTTP.stubs(:new).returns(mock_http)
+    assert_raise(RuntimeError, 'Failed to get access token: 400 Bad Request') do
+      provider.send(:acquire_workload_identity_token)
+    end
+  end
+  def test_oauth2_endpoint_formation
+    config = DummyConfigForWIF.new(@resource, @client_id, @tenant_id, @token_file)
+    provider = WorkloadIdentity.new(config)
+    # Test that the endpoint is formatted correctly with tenant_id
+    File.stubs(:read).with(@token_file).returns('fake-oidc-token')
+    # Mock the rest of the HTTP request to avoid actual network call
+    mock_response = mock
+    mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
+    mock_response.stubs(:body).returns('{"access_token":"test","expires_in":3600}')
+    mock_http = mock
+    mock_http.expects(:use_ssl=).with(true)
+    mock_http.expects(:open_timeout=).with(10)
+    mock_http.expects(:read_timeout=).with(30)
+    mock_http.expects(:write_timeout=).with(10)
+    mock_http.expects(:request).returns(mock_response)
+    Net::HTTP.stubs(:new).returns(mock_http)
+    # Just verify it doesn't crash - the important thing is that setup_config was called
+    result = provider.send(:acquire_workload_identity_token)
+    assert_equal 'test', result['access_token']
+  end
+end

metadata CHANGED Viewed

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-kusto
 version: !ruby/object:Gem::Version
-  version: 0.0.1.beta
+  version: 0.0.3.beta
 platform: ruby
 authors:
 - Komal Rani
 - Kusto OSS IDC Team
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-08-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -17,42 +16,62 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.9
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.9
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 13.2.1
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 13.2.1
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.7
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.7
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
@@ -122,25 +141,28 @@ files:
 - lib/fluent/plugin/client.rb
 - lib/fluent/plugin/conffile.rb
 - lib/fluent/plugin/ingester.rb
+- lib/fluent/plugin/kusto_constants.rb
 - lib/fluent/plugin/kusto_error_handler.rb
 - lib/fluent/plugin/kusto_query.rb
+- lib/fluent/plugin/kusto_version.rb
 - lib/fluent/plugin/out_kusto.rb
 - test/helper.rb
 - test/plugin/test_azcli_tokenprovider.rb
 - test/plugin/test_e2e_kusto.rb
+- test/plugin/test_mi_tokenprovider.rb
 - test/plugin/test_out_kusto_config.rb
 - test/plugin/test_out_kusto_format.rb
 - test/plugin/test_out_kusto_process.rb
 - test/plugin/test_out_kusto_start.rb
 - test/plugin/test_out_kusto_try_write.rb
 - test/plugin/test_out_kusto_write.rb
+- test/plugin/test_wif_tokenprovider.rb
 homepage: https://github.com/Azure/azure-kusto-fluentd
 licenses:
 - Apache-2.0
 metadata:
   fluentd_plugin: 'true'
   fluentd_group: output
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -148,24 +170,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key:
+rubygems_version: 3.7.1
 specification_version: 4
 summary: A custom Fluentd output plugin for Azure Kusto ingestion.
 test_files:
 - test/helper.rb
 - test/plugin/test_azcli_tokenprovider.rb
 - test/plugin/test_e2e_kusto.rb
+- test/plugin/test_mi_tokenprovider.rb
 - test/plugin/test_out_kusto_config.rb
 - test/plugin/test_out_kusto_format.rb
 - test/plugin/test_out_kusto_process.rb
 - test/plugin/test_out_kusto_start.rb
 - test/plugin/test_out_kusto_try_write.rb
 - test/plugin/test_out_kusto_write.rb
+- test/plugin/test_wif_tokenprovider.rb