fluent-plugin-secure-forward 0.1.9.pre.rc1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2fc54e54fa73f9f47d2edbc7c57727d88909718e
-  data.tar.gz: 17e46a3f3a58d57ab468d05972fa72da68f5d692
+  metadata.gz: ca2356a052a35ccb1ce9a6e1e06aefdaaf58fd37
+  data.tar.gz: 3733590e3818bbbdbc7f92a11a609639e0d19fca
 SHA512:
-  metadata.gz: df677feca1b1252f6b6b22c43c199654728d3e39b2569f20b1207d682075c75d4389b77977955992bb3d5756d620c5119e43d2d6c466986572aae5e09684d78c
-  data.tar.gz: e6bbbe1860763d53c4aea3534bfb5dde66b153d5580d4503c26f947cb278f6bdb64d810c6d4b04170ecd1997a25a63fdae6058e99b526af37ae5d1ecf2ad1280
+  metadata.gz: b2f8f19e8550dec4e7b9eff6ec47b030ae5d77e04fc0cbeabc39ff42ba865382839359bb3bf648120c388cfce0357b767b9b767887a336491042e1233095f355
+  data.tar.gz: e41959d32c7370796154763a0d8314270255f02d738ed3a1f8253f6f7555dc5b6b17040fd4c5aaf99ae82f3fc6b833491f0962c188bb7752355093289d59004e

data/README.md

@@ -40,85 +40,93 @@ Default settings:
   
 Minimal configurations like below:
 
-    <source>
-      type secure_forward
-      shared_key         secret_string
-      self_hostname      server.fqdn.local  # This fqdn is used as CN (Common Name) of certificates
-      cert_auto_generate yes                # This parameter MUST be specified
-    </source>
+```apache
+<source>
+  type secure_forward
+  shared_key         secret_string
+  self_hostname      server.fqdn.local  # This fqdn is used as CN (Common Name) of certificates
+  cert_auto_generate yes                # This parameter MUST be specified
+</source>
+```
 
 To check username/password from clients, like this:
 
-    <source>
-      type secure_forward
-      shared_key         secret_string
-      self_hostname      server.fqdn.local
-      cert_auto_generate yes
-      authentication     yes # Deny clients without valid username/password
-      <user>
-        username tagomoris
-        password foobar012
-      </user>
-      <user>
-        username frsyuki
-        password yakiniku
-      </user>
-    </source>
+```apache
+<source>
+  type secure_forward
+  shared_key         secret_string
+  self_hostname      server.fqdn.local
+  cert_auto_generate yes
+  authentication     yes # Deny clients without valid username/password
+  <user>
+    username tagomoris
+    password foobar012
+  </user>
+  <user>
+    username frsyuki
+    password yakiniku
+  </user>
+</source>
+```
 
 To deny unknown source IP/hosts:
 
-    <source>
-      type secure_forward
-      shared_key         secret_string
-      self_hostname      server.fqdn.local
-      cert_auto_generate     yes
-      allow_anonymous_source no  # Allow to accept from nodes of <client>
-      <client>
-        host 192.168.10.30
-      </client>
-      <client>
-        host your.host.fqdn.local
-        # wildcard (ex: *.host.fqdn.local) NOT Supported now
-      </client>
-      <client>
-        network 192.168.16.0/24 # network address specification
-      </client>
-    </source>
+```apache
+<source>
+  type secure_forward
+  shared_key         secret_string
+  self_hostname      server.fqdn.local
+  cert_auto_generate     yes
+  allow_anonymous_source no  # Allow to accept from nodes of <client>
+  <client>
+    host 192.168.10.30
+  </client>
+  <client>
+    host your.host.fqdn.local
+    # wildcard (ex: *.host.fqdn.local) NOT Supported now
+  </client>
+  <client>
+    network 192.168.16.0/24 # network address specification
+  </client>
+</source>
+```
 
 You can use both of username/password check and client check:
 
-    <source>
-      type secure_forward
-      shared_key         secret_string
-      self_hostname      server.fqdn.local
-      cert_auto_generate     yes
-      allow_anonymous_source no  # Allow to accept from nodes of <client>
-      authentication         yes # Deny clients without valid username/password
-      <user>
-        username tagomoris
-        password foobar012
-      </user>
-      <user>
-        username frsyuki
-        password sukiyaki
-      </user>
-      <user>
-        username repeatedly
-        password sushi
-      </user>
-      <client>
-        host 192.168.10.30      # allow all users to connect from 192.168.10.30
-      </client>
-      <client>
-        host  192.168.10.31
-        users tagomoris,frsyuki # deny repeatedly from 192.168.10.31
-      </client>
-      <client>
-        host 192.168.10.32
-        shared_key less_secret_string # limited shared_key for 192.168.10.32
-        users      repeatedly         # and repatedly only
-      </client>
-    </source>
+```apache
+<source>
+  type secure_forward
+  shared_key         secret_string
+  self_hostname      server.fqdn.local
+  cert_auto_generate     yes
+  allow_anonymous_source no  # Allow to accept from nodes of <client>
+  authentication         yes # Deny clients without valid username/password
+  <user>
+    username tagomoris
+    password foobar012
+  </user>
+  <user>
+    username frsyuki
+    password sukiyaki
+  </user>
+  <user>
+    username repeatedly
+    password sushi
+  </user>
+  <client>
+    host 192.168.10.30      # allow all users to connect from 192.168.10.30
+  </client>
+  <client>
+    host  192.168.10.31
+    users tagomoris,frsyuki # deny repeatedly from 192.168.10.31
+  </client>
+  <client>
+    host 192.168.10.32
+    shared_key less_secret_string # limited shared_key for 192.168.10.32
+    users      repeatedly         # and repatedly only
+  </client>
+</source>
+```
 
 ### SecureForwardOutput
 
@@ -127,66 +135,79 @@ Default settings:
 
 Minimal configurations like this:
 
-    <match secret.data.**>
-      type secure_forward
-      shared_key secret_string
-      self_hostname client.fqdn.local
-      <server>
-        host server.fqdn.local  # or IP
-        # port 24284
-      </server>
-    </match>
+```apache
+<match secret.data.**>
+  type secure_forward
+  shared_key secret_string
+  self_hostname client.fqdn.local
+  <server>
+    host server.fqdn.local  # or IP
+    # port 24284
+  </server>
+</match>
+```
 
 Without hostname ACL (and it's not implemented yet), `self_hostname` is not checked in any state. `${hostname}` placeholder is available for such cases.
 
-    <match secret.data.**>
-      type secure_forward
-      shared_key secret_string
-      self_hostname ${hostname}
-      <server>
-        host server.fqdn.local  # or IP
-        # port 24284
-      </server>
-    </match>
+```apache
+<match secret.data.**>
+  type secure_forward
+  shared_key secret_string
+  self_hostname ${hostname}
+  <server>
+    host server.fqdn.local  # or IP
+    # port 24284
+  </server>
+</match>
+```
 
 When specified 2 or more `<server>`, this plugin uses these nodes in simple round-robin order. And servers with `standby yes` will be selected until all of non-standby servers goes down.
 
 If server requires username/password, set `username` and `password` in `<server>` section:
 
-    <match secret.data.**>
-      type secure_forward
-      shared_key secret_string
-      self_hostname client.fqdn.local
-      <server>
-        host first.fqdn.local
-        username repeatedly
-        password sushi
-      </server>
-      <server>
-        host second.fqdn.local
-        username sasatatsu
-        password karaage
-      </server>
-      <server>
-        host standby.fqdn.local
-        username kzk
-        password hawaii
-        standby  yes
-      </server>
-    </match>
+```apache
+<match secret.data.**>
+  type secure_forward
+  shared_key secret_string
+  self_hostname client.fqdn.local
+  <server>
+    host      first.fqdn.local
+    hostlabel server.fqdn.local
+    username  repeatedly
+    password  sushi
+  </server>
+  <server>
+    host      second.fqdn.local
+    hostlabel server.fqdn.local
+    username  sasatatsu
+    password  karaage
+  </server>
+  <server>
+    host      standby.fqdn.local
+    hostlabel server.fqdn.local
+    username  kzk
+    password  hawaii
+    standby   yes
+  </server>
+</match>
+```
+
+Specify `hostlabel` if server (`in_forward`) have different hostname (`self_host` configuration of `in_forward`) from DNS name (`first.fqdn.local`, `second.fqdn.local` or `standby.fqdn.local`). This configuration variable will be used to check common name (CN) of certifications.
 
 To specify keepalive timeouts, use `keepalive` configuration with seconds. SSL connection will be disconnected and re-connected for each 1 hour with configuration below. In Default (and with `keepalive 0`), connections will not be disconnected without any communication troubles. (This feature is for dns name updates, and SSL common key refreshing.)
 
-    <match secret.data.**>
-      type secure_forward
-      shared_key secret_string
-      self_hostname client.fqdn.local
-      keepalive 3600
-      <server>
-        host server.fqdn.local  # or IP
-        # port 24284
-      </server>
-    </match>
+```apache
+<match secret.data.**>
+  type secure_forward
+  shared_key secret_string
+  self_hostname client.fqdn.local
+  keepalive 3600
+  <server>
+    host server.fqdn.local  # or IP
+    # port 24284
+  </server>
+</match>
+```
 
 ## Senario (developer document)
 

data/fluent-plugin-secure-forward.gemspec

@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |gem|
   gem.name          = "fluent-plugin-secure-forward"
-  gem.version       = "0.1.9-rc1"
+  gem.version       = "0.2.0"
   gem.authors       = ["TAGOMORI Satoshi"]
   gem.email         = ["tagomoris@gmail.com"]
   gem.summary       = %q{Fluentd input/output plugin to forward over SSL with authentications}
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
 
   gem.add_runtime_dependency "fluentd", ">= 0.10.46"
-  gem.add_runtime_dependency "fluent-mixin-config-placeholders"
+  gem.add_runtime_dependency "fluent-mixin-config-placeholders", ">= 0.3.0"
   gem.add_runtime_dependency "resolve-hostname"
   gem.add_development_dependency "rake"
 end

data/lib/fluent/plugin/out_secure_forward.rb

@@ -86,6 +86,8 @@ module Fluent
           node.first_session = true
           node.keepalive = @keepalive
           @nodes.push node
+        when 'secondary'
+          # ignore
         else
           raise Fluent::ConfigError, "unknown config tag name #{element.name}"
         end

data/test/plugin/test_out_secure_forward.rb

@@ -7,4 +7,24 @@ class SecureForwardOutputTest < Test::Unit::TestCase
   def create_driver(conf=CONFIG,tag='test')
     Fluent::Test::OutputTestDriver.new(Fluent::SecureForwardOutput, tag).configure(conf)
   end
+
+  def test_configure_secondary
+    p1 = nil
+    assert_nothing_raised { p1 = create_driver(<<CONFIG).instance }
+  type secure_forward
+  shared_key secret_string
+  self_hostname client.fqdn.local
+  <server>
+    host server.fqdn.local  # or IP
+    # port 24284
+  </server>
+  <secondary>
+    type forward
+    <server>
+      host localhost
+    </server>
+  </secondary>
+CONFIG
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-secure-forward
 version: !ruby/object:Gem::Version
-  version: 0.1.9.pre.rc1
+  version: 0.2.0
 platform: ruby
 authors:
 - TAGOMORI Satoshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-06 00:00:00.000000000 Z
+date: 2014-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: resolve-hostname
   requirement: !ruby/object:Gem::Requirement
@@ -112,9 +112,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.2.2
@@ -126,3 +126,4 @@ test_files:
 - test/plugin/test_in_secure_forward.rb
 - test/plugin/test_input_session.rb
 - test/plugin/test_out_secure_forward.rb
+has_rdoc: