fluent-plugin-logit 0.2.0 → 0.3.0

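--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 78c4c4ce59dc4b806f93e496225003e36edfda5bdea21eaf634390696653182d
- data.tar.gz: e9a6cf80062c73fd922f7914227cb3bc45860c877f38ecb583c7a393083c54fd
+ metadata.gz: 3e711fd3713c8f48f841a2c921cf817a62fdfd280728442a060825d05880b80d
+ data.tar.gz: fb12650d8d450070d11f6b39e22c2e04b6a3a40485ed2c4a5cab4eda02ef76d1
  SHA512:
- metadata.gz: 416faa7684b294652716eb0dca134186057c9e9351b0b3ac3a846ff2be3404a785c3c1a1288b3cc66c1e7d64b237cff84371a3025d81f191b3af4e4e6fbd346e
- data.tar.gz: 43896716fcd6270faedd0ef68d722f90f9bb15631f768dd528939c1237c77c37be694038f8864890988764b38bb93973dfda61cbcce2bf09f715ba3a2fdc537b
+ metadata.gz: 2edb4fdaa7ce8c0cefafb7e65e164eb0768d7fc4598d82b6e6f70982b09f76608529fdf694e872345326ee9906ad8b0cc13eb7f1d18974c1882631441394a5ce
+ data.tar.gz: bc3f8809f72f531011f6922d21ba33bb13bbea9542d428f9cf142591fd915ddf6a00018a656c9f381c781e942e388e63697a66c5fb7fc7b6e24bf73c61a5478a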
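--- a/data/README.md
+++ b/data/README.md
@@ -20,6 +20,26 @@ You need to configure the output with your stack_id and port number. See the sou
  buffer_path /var/log/fluent/logcentral
  </match>
 
+ ### Mutual TLS configuration
+
+ If your stack is enabled for mutual TLS, make the client certificate, private
+ key, and CA chain certificates available to Fluentd and specify their locations
+ in the config:
+
+ <match **>
+ @type logit
+ stack_id <your-stack-id>
+ port <your-port>
+ buffer_type file
+ buffer_path /var/log/fluent/logcentral
+ tls_mode mutual
+ tls_ca_certificate "/etc/pki/tls/logit/ca-chain.pem"
+ tls_certificate "/etc/pki/tls/logit/client.pem"
+ tls_private_key "/etc/pki/tls/logit/key.pem"
+ </match>
+
+ The private key file must be unencrypted before use.
+
  ## Support
 
  This plugin uses TCP with TLS to ship events.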
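--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.2.0
+ 0.3.0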
@@ -21,6 +21,11 @@ module Fluent
21
21
  config_param :output_type, :string, :default => "json"
22
22
  config_param :output_append_newline, :bool, :default => true
23
23
 
24
+ config_param :tls_mode, :enum, list: [:simple, :mutual], default: :simple
25
+ config_param :tls_ca_certificate, :string, :default => nil
26
+ config_param :tls_certificate, :string, :default => nil
27
+ config_param :tls_private_key, :string, :default => nil
28
+
24
29
  def configure(conf)
25
30
  super
26
31
  if /[\w]{8}(-[\w]{4}){3}-[\w]{12}/.match(@stack_id) == nil
@@ -29,6 +34,23 @@ module Fluent
29
34
  if @port == 0
30
35
  raise "port is required. See the source wizard."
31
36
  end
37
+
38
+ if @tls_mode == :mutual
39
+ if ! @tls_ca_certificate || @tls_ca_certificate.empty?
40
+ raise Fluent::ConfigError,
41
+ "tls_ca_certificate is required when tls_mode is set to mutual"
42
+ end
43
+
44
+ if ! @tls_certificate || @tls_certificate.empty?
45
+ raise Fluent::ConfigError,
46
+ "tls_certificate is required when tls_mode is set to mutual"
47
+ end
48
+
49
+ if ! @tls_private_key || @tls_private_key.empty?
50
+ raise Fluent::ConfigError,
51
+ "tls_private_key is required when tls_mode is set to mutual"
52
+ end
53
+ end
32
54
  end
33
55
 
34
56
  def start
@@ -84,17 +106,22 @@ module Fluent
84
106
  Timeout.timeout(@connect_timeout) do
85
107
  socket = TCPSocket.open("#{resolved_host()}", @port)
86
108
  ssl_context = OpenSSL::SSL::SSLContext.new()
87
- # TODO implement mutual tls
88
- #ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("certificate.crt"))
89
- #ssl_context.key = OpenSSL::PKey::RSA.new(File.open("certificate.key"))
90
109
  ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv2
91
110
  ssl_context.options |= OpenSSL::SSL::OP_NO_SSLv3
92
111
  ssl_context.options |= OpenSSL::SSL::OP_NO_COMPRESSION
93
112
  ssl_context.ciphers = "TLSv1.2:!aNULL:!eNULL"
94
113
  ssl_context.ssl_version = :TLSv1_2
114
+
115
+ if @tls_mode == :mutual
116
+ ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(@tls_certificate))
117
+ ssl_context.key = OpenSSL::PKey::RSA.new(File.open(@tls_private_key))
118
+ ssl_context.ca_file = @tls_ca_certificate
119
+ end
120
+
95
121
  ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
96
122
  ssl_socket.sync_close = true
97
123
  ssl_socket.connect
124
+
98
125
  return ssl_socket
99
126
  end
100
127
  end
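Review bot: In the mutual-TLS branch of the connection hunk, `ssl_context.ca_file = @tls_ca_certificate` is set but no visible line sets `verify_mode`, and a context built with `OpenSSL::SSL::SSLContext.new` does not verify the peer unless told to, so the CA chain would not be enforced against the server certificate and the client certificate could be presented to whatever endpoint answers. Add `ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER` next to the `ca_file` line, and consider hostname verification, which is also absent from these lines. The two `File.open(...)` handles are never closed; `File.read(@tls_certificate)` and `File.read(@tls_private_key)` would avoid leaking a descriptor on each reconnect, and `OpenSSL::PKey.read` would accept non-RSA keys as well. The enclosing method starts outside the hunk, so verification may be configured elsewhere; confirm before merging.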
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-logit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Logit
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-06-05 00:00:00.000000000 Z
11
+ date: 2019-11-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd