fluent-plugin-relp 0.1.4 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aacc95af81cac5864815b61dc3b5381d06c77245
-  data.tar.gz: 9894b9e20b11b470911619338b15f9f69a11154b
+  metadata.gz: 86b1bb4436e0eefc4fb7b116288b76ad13ae1220
+  data.tar.gz: dd06f38481f0abff643ce6b9e8ae407bed9ea426
 SHA512:
-  metadata.gz: cb80590a0df2468ffa16ef93889852ff697ec16f3dd73df19001b4a31e9a81dcf1a2baa9ccb983c8d1c58faa9137d87b4afaaea61926e1db5d21d77b8a48e2ea
-  data.tar.gz: 58d970dea8eecb2b5ae4468f524f3f5123214c56cca4adc3c589ddb310abd65f709a39ca4337e1311a782607dac65b32aff9eab846c9c96d814764ed728ef213
+  metadata.gz: 50e4ef0c5e9c52a4b2d9fd5d80aa9b389de5399548e6023fdd926330c5ae7d9b90f40938e24db8531b17fffa4fef93e0944603011eede704109426ad03899460
+  data.tar.gz: 1a5ba493cbafd9e26dfe61745bcb4b91b3b27b414a7ccbcda091c1ccb6a50c7034e5928f33fb7c7d0d43d328db7a15983596f0bb26c5c55300b785cc3657f4d5

data/CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [0.2.0] - 2017-10-19
+### Added
+- TLS encryption
+- now depends on [openssl](https://github.com/ruby/openssl)
+- checking length of actually transmitted data
+
+### Changed
+- raised minimal required [relp](https://github.com/ViaQ/Relp/) version to 0.2
+
 ## [0.1.4] - 2017-08-08
 ### Added
 - code coverage testing

data/README.md

@@ -36,6 +36,8 @@ To use the plugin just add tou your fluent.conf file:
   tag your_tag_for_relp
   #optionally, determine remote IP to bind to, by default binds to all incoming connections
   bind XX.XX.XX.XX
+  #if you want to use TLS encryption, specify this config string
+  ssl_config /path_to/certificate_file:/path_to/key_file:/path_to/certificate_authority_file
 </source>
 
 ```
@@ -47,13 +49,24 @@ module(load="omrelp")
 
 *.* action(type="omrelp" 
 	Target="your_fluentd_host_or_ip" 
-	Port="5170_or_yours_set")
+	Port="5170_or_yours_set"
+#	Add below part to use SSL encryption
+	tls="on"
+	tls.permittedPeer="SHA1:hash_of_your_certificate_file"
+	tls.authMode="fingerprint"
+	tls.mycert="/path_to/certificate_file"
+	tls.myprivkey="/path_to/key_file"
+	tls.cacert="/path_to/certificate_authority_file"
+	)
 ```
 make sure you have librelp and rsyslog relp plugin present on your system.
 
 Also you need to make sure that things lige firewall and selinux are set up
 so they do not block communication on configured port(s) and adress(es).
 
+Additionally, if you have problems estabilishing connection over network, it may
+help to increase timeouts for socket connection and/or RELP session on clients.
+
 That is all you need to reliably send system logs to remote fluentd instance.
 
 ## Contributing

data/lib/fluent/plugin/in_relp.rb

@@ -11,6 +11,8 @@ module Fluent
     config_param :port, :integer, default: 5170
     desc 'The bind address to listen to.'
     config_param :bind, :string, default: '0.0.0.0'
+    desc 'SSL configuration string, format "certificate_path":"key_path":"certificate_authority_path"'
+    config_param :ssl_config, :string, default: nil
 
     def configure(conf)
         super
@@ -18,7 +20,15 @@ module Fluent
 
     def start
 	super
-	@server = Relp::RelpServer.new(@bind, @port, log, method(:on_message))
+	ssl_context = nil
+	if @ssl_config != nil
+		ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2)
+		ssl_context.ca_file = @ssl_config.split(':')[2]
+		ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+		ssl_context.key = OpenSSL::PKey::RSA.new(File.open(@ssl_config.split(':')[1]))
+		ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(@ssl_config.split(':')[0]))
+	end
+	@server = Relp::RelpServer.new(@port, method(:on_message), @bind, ssl_context, log)
         @thread = Thread.new(&method(:run))
     end
 

data/test/plugin/test_in_relp.rb

@@ -33,9 +33,13 @@ class RelpInputTest < Test::Unit::TestCase
     bind       		HOST
     port		1111
     tag                 input.relp
+    ssl_config          ./cert.pem:./key.pem:./ca.pem
   ]
 
   def create_driver(conf = CONFIG)
+    File.open("cert.pem", "w")
+    File.open("key.pem", "w")
+    File.open("ca.pem", "w")
     Fluent::Test::InputTestDriver.new(Fluent::RelpInput).configure(conf)
   end
 
@@ -51,13 +55,14 @@ class RelpInputTest < Test::Unit::TestCase
       assert_equal 'HOST', d.instance.bind
       assert_equal 1111, d.instance.port
       assert_equal 'input.relp', d.instance.tag
+      assert_equal './cert.pem:./key.pem:./ca.pem', d.instance.ssl_config
     end
   end
 
   sub_test_case "function" do
     def test_run_invalid
       d = create_driver
-      assert_raise(SocketError) { #will fail because of invalid bind
+      assert_raise(OpenSSL::PKey::RSAError) { #will fail because of no valid cert
 	d.run
       }
     end
@@ -73,7 +78,7 @@ class RelpInputTest < Test::Unit::TestCase
     def test_message
       d = create_driver
       server = RelpServerFake.new(d.instance.method(:on_message))
-      assert_raise(SocketError) { #will fail because of invalid bind
+      assert_raise(OpenSSL::PKey::RSAError) { #will fail because of no valid cert
 	d.run
       }
       d.instance.instance_variable_set(:@server, server)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-relp
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.2.0
 platform: ruby
 authors:
 - Jiří Vymazal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-08 00:00:00.000000000 Z
+date: 2017-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
 description: Plugin allowing recieving log messages via RELP protocol from e.g. syslog
 email:
 - jvymazal@redhat.com