fluent-plugin-secure-forward 0.1.9.pre.rc1 → 0.2.0

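--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2fc54e54fa73f9f47d2edbc7c57727d88909718e
- data.tar.gz: 17e46a3f3a58d57ab468d05972fa72da68f5d692
+ metadata.gz: ca2356a052a35ccb1ce9a6e1e06aefdaaf58fd37
+ data.tar.gz: 3733590e3818bbbdbc7f92a11a609639e0d19fca
  SHA512:
- metadata.gz: df677feca1b1252f6b6b22c43c199654728d3e39b2569f20b1207d682075c75d4389b77977955992bb3d5756d620c5119e43d2d6c466986572aae5e09684d78c
- data.tar.gz: e6bbbe1860763d53c4aea3534bfb5dde66b153d5580d4503c26f947cb278f6bdb64d810c6d4b04170ecd1997a25a63fdae6058e99b526af37ae5d1ecf2ad1280
+ metadata.gz: b2f8f19e8550dec4e7b9eff6ec47b030ae5d77e04fc0cbeabc39ff42ba865382839359bb3bf648120c388cfce0357b767b9b767887a336491042e1233095f355
+ data.tar.gz: e41959d32c7370796154763a0d8314270255f02d738ed3a1f8253f6f7555dc5b6b17040fd4c5aaf99ae82f3fc6b833491f0962c188bb7752355093289d59004e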
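--- a/data/README.md
+++ b/data/README.md
@@ -40,85 +40,93 @@ Default settings:
 
  Minimal configurations like below:
 
- <source>
- type secure_forward
- shared_key secret_string
- self_hostname server.fqdn.local # This fqdn is used as CN (Common Name) of certificates
- cert_auto_generate yes # This parameter MUST be specified
- </source>
+ ```apache
+ <source>
+ type secure_forward
+ shared_key secret_string
+ self_hostname server.fqdn.local # This fqdn is used as CN (Common Name) of certificates
+ cert_auto_generate yes # This parameter MUST be specified
+ </source>
+ ```
 
  To check username/password from clients, like this:
 
- <source>
- type secure_forward
- shared_key secret_string
- self_hostname server.fqdn.local
- cert_auto_generate yes
- authentication yes # Deny clients without valid username/password
- <user>
- username tagomoris
- password foobar012
- </user>
- <user>
- username frsyuki
- password yakiniku
- </user>
- </source>
+ ```apache
+ <source>
+ type secure_forward
+ shared_key secret_string
+ self_hostname server.fqdn.local
+ cert_auto_generate yes
+ authentication yes # Deny clients without valid username/password
+ <user>
+ username tagomoris
+ password foobar012
+ </user>
+ <user>
+ username frsyuki
+ password yakiniku
+ </user>
+ </source>
+ ```
 
  To deny unknown source IP/hosts:
 
- <source>
- type secure_forward
- shared_key secret_string
- self_hostname server.fqdn.local
- cert_auto_generate yes
- allow_anonymous_source no # Allow to accept from nodes of <client>
- <client>
- host 192.168.10.30
- </client>
- <client>
- host your.host.fqdn.local
- # wildcard (ex: *.host.fqdn.local) NOT Supported now
- </client>
- <client>
- network 192.168.16.0/24 # network address specification
- </client>
- </source>
+ ```apache
+ <source>
+ type secure_forward
+ shared_key secret_string
+ self_hostname server.fqdn.local
+ cert_auto_generate yes
+ allow_anonymous_source no # Allow to accept from nodes of <client>
+ <client>
+ host 192.168.10.30
+ </client>
+ <client>
+ host your.host.fqdn.local
+ # wildcard (ex: *.host.fqdn.local) NOT Supported now
+ </client>
+ <client>
+ network 192.168.16.0/24 # network address specification
+ </client>
+ </source>
+ ```
 
  You can use both of username/password check and client check:
 
- <source>
- type secure_forward
- shared_key secret_string
- self_hostname server.fqdn.local
- cert_auto_generate yes
- allow_anonymous_source no # Allow to accept from nodes of <client>
- authentication yes # Deny clients without valid username/password
- <user>
- username tagomoris
- password foobar012
- </user>
- <user>
- username frsyuki
- password sukiyaki
- </user>
- <user>
- username repeatedly
- password sushi
- </user>
- <client>
- host 192.168.10.30 # allow all users to connect from 192.168.10.30
- </client>
- <client>
- host 192.168.10.31
- users tagomoris,frsyuki # deny repeatedly from 192.168.10.31
- </client>
- <client>
- host 192.168.10.32
- shared_key less_secret_string # limited shared_key for 192.168.10.32
- users repeatedly # and repatedly only
- </client>
- </source>
+ ```apache
+ <source>
+ type secure_forward
+ shared_key secret_string
+ self_hostname server.fqdn.local
+ cert_auto_generate yes
+ allow_anonymous_source no # Allow to accept from nodes of <client>
+ authentication yes # Deny clients without valid username/password
+ <user>
+ username tagomoris
+ password foobar012
+ </user>
+ <user>
+ username frsyuki
+ password sukiyaki
+ </user>
+ <user>
+ username repeatedly
+ password sushi
+ </user>
+ <client>
+ host 192.168.10.30 # allow all users to connect from 192.168.10.30
+ </client>
+ <client>
+ host 192.168.10.31
+ users tagomoris,frsyuki # deny repeatedly from 192.168.10.31
+ </client>
+ <client>
+ host 192.168.10.32
+ shared_key less_secret_string # limited shared_key for 192.168.10.32
+ users repeatedly # and repatedly only
+ </client>
+ </source>
+ ```
 
  ### SecureForwardOutput
 
@@ -127,66 +135,79 @@ Default settings:
 
  Minimal configurations like this:
 
- <match secret.data.**>
- type secure_forward
- shared_key secret_string
- self_hostname client.fqdn.local
- <server>
- host server.fqdn.local # or IP
- # port 24284
- </server>
- </match>
+ ```apache
+ <match secret.data.**>
+ type secure_forward
+ shared_key secret_string
+ self_hostname client.fqdn.local
+ <server>
+ host server.fqdn.local # or IP
+ # port 24284
+ </server>
+ </match>
+ ```
 
  Without hostname ACL (and it's not implemented yet), `self_hostname` is not checked in any state. `${hostname}` placeholder is available for such cases.
 
- <match secret.data.**>
- type secure_forward
- shared_key secret_string
- self_hostname ${hostname}
- <server>
- host server.fqdn.local # or IP
- # port 24284
- </server>
- </match>
+ ```apache
+ <match secret.data.**>
+ type secure_forward
+ shared_key secret_string
+ self_hostname ${hostname}
+ <server>
+ host server.fqdn.local # or IP
+ # port 24284
+ </server>
+ </match>
+ ```
 
  When specified 2 or more `<server>`, this plugin uses these nodes in simple round-robin order. And servers with `standby yes` will be selected until all of non-standby servers goes down.
 
  If server requires username/password, set `username` and `password` in `<server>` section:
 
- <match secret.data.**>
- type secure_forward
- shared_key secret_string
- self_hostname client.fqdn.local
- <server>
- host first.fqdn.local
- username repeatedly
- password sushi
- </server>
- <server>
- host second.fqdn.local
- username sasatatsu
- password karaage
- </server>
- <server>
- host standby.fqdn.local
- username kzk
- password hawaii
- standby yes
- </server>
- </match>
+ ```apache
+ <match secret.data.**>
+ type secure_forward
+ shared_key secret_string
+ self_hostname client.fqdn.local
+ <server>
+ host first.fqdn.local
+ hostlabel server.fqdn.local
+ username repeatedly
+ password sushi
+ </server>
+ <server>
+ host second.fqdn.local
+ hostlabel server.fqdn.local
+ username sasatatsu
+ password karaage
+ </server>
+ <server>
+ host standby.fqdn.local
+ hostlabel server.fqdn.local
+ username kzk
+ password hawaii
+ standby yes
+ </server>
+ </match>
+ ```
+
+ Specify `hostlabel` if server (`in_forward`) have different hostname (`self_host` configuration of `in_forward`) from DNS name (`first.fqdn.local`, `second.fqdn.local` or `standby.fqdn.local`). This configuration variable will be used to check common name (CN) of certifications.
 
  To specify keepalive timeouts, use `keepalive` configuration with seconds. SSL connection will be disconnected and re-connected for each 1 hour with configuration below. In Default (and with `keepalive 0`), connections will not be disconnected without any communication troubles. (This feature is for dns name updates, and SSL common key refreshing.)
 
- <match secret.data.**>
- type secure_forward
- shared_key secret_string
- self_hostname client.fqdn.local
- keepalive 3600
- <server>
- host server.fqdn.local # or IP
- # port 24284
- </server>
- </match>
+ ```apache
+ <match secret.data.**>
+ type secure_forward
+ shared_key secret_string
+ self_hostname client.fqdn.local
+ keepalive 3600
+ <server>
+ host server.fqdn.local # or IP
+ # port 24284
+ </server>
+ </match>
+ ```
 
  ## Senario (developer document)
 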
@@ -1,7 +1,7 @@
1
1
  # -*- encoding: utf-8 -*-
2
2
  Gem::Specification.new do |gem|
3
3
  gem.name = "fluent-plugin-secure-forward"
4
- gem.version = "0.1.9-rc1"
4
+ gem.version = "0.2.0"
5
5
  gem.authors = ["TAGOMORI Satoshi"]
6
6
  gem.email = ["tagomoris@gmail.com"]
7
7
  gem.summary = %q{Fluentd input/output plugin to forward over SSL with authentications}
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
15
15
  gem.require_paths = ["lib"]
16
16
 
17
17
  gem.add_runtime_dependency "fluentd", ">= 0.10.46"
18
- gem.add_runtime_dependency "fluent-mixin-config-placeholders"
18
+ gem.add_runtime_dependency "fluent-mixin-config-placeholders", ">= 0.3.0"
19
19
  gem.add_runtime_dependency "resolve-hostname"
20
20
  gem.add_development_dependency "rake"
21
21
  end
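Review bot: The new floor on `fluent-mixin-config-placeholders` is open-ended, and `resolve-hostname` on the following line still carries no version constraint at all, so a fresh install of this TLS forwarder resolves to whatever those gems publish next. A pessimistic bound keeps the floor while limiting drift, for example `gem.add_runtime_dependency "fluent-mixin-config-placeholders", "~> 0.3"`, with a comparable bound for `resolve-hostname` once its compatible range is confirmed. The specification block opens in the earlier hunk and the lines between the two hunks are not shown here.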
@@ -86,6 +86,8 @@ module Fluent
86
86
  node.first_session = true
87
87
  node.keepalive = @keepalive
88
88
  @nodes.push node
89
+ when 'secondary'
90
+ # ignore
89
91
  else
90
92
  raise Fluent::ConfigError, "unknown config tag name #{element.name}"
91
93
  end
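Review bot: The `when 'secondary'` branch carries only `# ignore`, which does not tell the next reader why the element is skipped, and it means a `<secondary>` of any output type now passes this plugin's configuration check. Presumably the buffered-output base class consumes that element (not visible in this hunk); if so, state it: `# <secondary> is handled by the buffered output base class; it is not a <server> node`. Because the accompanying test uses `type forward` as the secondary, events intended for the authenticated TLS path could fall back to a transport without `shared_key` or certificate checks, which deserves a README caveat or a configure-time warning. The enclosing `case` starts and ends outside the hunk.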
@@ -7,4 +7,24 @@ class SecureForwardOutputTest < Test::Unit::TestCase
7
7
  def create_driver(conf=CONFIG,tag='test')
8
8
  Fluent::Test::OutputTestDriver.new(Fluent::SecureForwardOutput, tag).configure(conf)
9
9
  end
10
+
11
+ def test_configure_secondary
12
+ p1 = nil
13
+ assert_nothing_raised { p1 = create_driver(<<CONFIG).instance }
14
+ type secure_forward
15
+ shared_key secret_string
16
+ self_hostname client.fqdn.local
17
+ <server>
18
+ host server.fqdn.local # or IP
19
+ # port 24284
20
+ </server>
21
+ <secondary>
22
+ type forward
23
+ <server>
24
+ host localhost
25
+ </server>
26
+ </secondary>
27
+ CONFIG
28
+ end
29
+
10
30
  end
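Review bot: `test_configure_secondary` assigns `p1` but never inspects it, so the test only proves that configuration does not raise. Pin the parsed result as well, for example `assert_equal 1, p1.instance_variable_get(:@nodes).size`, so a regression that registers `<secondary>` as a forwarding node, or drops the `<server>`, is caught. The heredoc terminator `CONFIG` also reuses the name of the constant that `create_driver` takes as its default, which reads ambiguously; a distinct tag such as `SECONDARY_CONF` would be clearer. The class body starts outside the hunk.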
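--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: fluent-plugin-secure-forward
  version: !ruby/object:Gem::Version
- version: 0.1.9.pre.rc1
+ version: 0.2.0
  platform: ruby
  authors:
  - TAGOMORI Satoshi
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-07-06 00:00:00.000000000 Z
+ date: 2014-08-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: fluentd
@@ -30,14 +30,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.3.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.3.0
  - !ruby/object:Gem::Dependency
  name: resolve-hostname
  requirement: !ruby/object:Gem::Requirement
@@ -112,9 +112,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements: []
  rubyforge_project:
  rubygems_version: 2.2.2
@@ -126,3 +126,4 @@ test_files:
  - test/plugin/test_in_secure_forward.rb
  - test/plugin/test_input_session.rb
  - test/plugin/test_out_secure_forward.rb
+ has_rdoc: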