fluent-plugin-secure-forward 0.4.2 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 53520fbfdf6eb3170a1bacb8a335991052049c94
-  data.tar.gz: 916e33508be49cc39d6fa5afda87c7fc1e73dbf1
+  metadata.gz: 9601f59a121cd93cafea5680070f5576063161ef
+  data.tar.gz: 46d5cdff55de400c05415994a12b653439ecbfd1
 SHA512:
-  metadata.gz: ea76bd5840f8ddf6a41cf4a0c3ea0e0770f9c4069202750c60baec2e2ace27b0274c538b4a0e15f7adc6797453da0a727acfbe0c5b775a7ae8545b791f348bd5
-  data.tar.gz: 9b3fc434822817f57a27112699956f0e0a8b6b590b5c38353efefd5dbe5c69a5da0ecb60c4ad0cbcedcf4faaee8ec45080ebc6daeb241c1ba3af20a98ecdab82
+  metadata.gz: e6d160a617827e2ce82a57e85ae751325ba7ba71e7ade2c9b6ff7a4939e83deddd851b9fe6cb5cb7633831f8b2dc934de54734928cc59568b53ac0c043c1c72d
+  data.tar.gz: 93ba1ea3da142b50d972a891b02fd22a8575f91b6bfb9464bf6c6d7c2e164293b225a8fac95bdd5f7539797d6b4cad1636d748eb95bc4ae70f6caf7bd57eaa8b

data/.travis.yml

@@ -1,5 +1,5 @@
 language: ruby
 rvm:
-  - 2.0.0
-  - 2.1.8
-  - 2.2.4
+  - 2.1.10
+  - 2.2.5
+  - 2.3.1

data/example/auth_client.conf

@@ -1,19 +1,17 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
-  self_hostname client
-  #shared_key hogeposxxx0
-  shared_key wrong_shared_key
+  @type secure_forward
+  self_hostname auth-client.local
+  secure no
+  shared_key hogeposxxx0
   <server>
     host localhost
     shared_key hogeposxxx1
     username tagomoris
     password 001122
-    # password XXYYZZ
-    # password wrong_pass
   </server>
   flush_interval 1s
 </match>

data/example/auth_server.conf

@@ -1,6 +1,7 @@
 <source>
-  type secure_forward
+  @type secure_forward
   self_hostname server
+  secure no
   shared_key hogeposxxx0
   cert_auto_generate yes
   allow_anonymous_source no
@@ -18,13 +19,12 @@
     password XXYYZZ
   </user>
   <client>
-    host localhost
+    host 127.0.0.1
     users tagomoris
     shared_key hogeposxxx1
-    # users sugomoris
   </client> 
 </source>
 
 <match test.**>
-  type stdout
+  @type stdout
 </match>

data/example/cacerts1/ca_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAggCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRkwFwYDVQQDDBBTZWN1cmVG
+b3J3YXJkIENBMB4XDTcwMDEwMTAwMDAwMFoXDTIxMDcyODA0MTczMVowTTELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRkw
+FwYDVQQDDBBTZWN1cmVGb3J3YXJkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA6661Su72owkCqTcIBHI1dTSnUCdRduk/Mzu8x2D8nwQRGPVroRwJ
+5ddqZsBpuKSfoZSZXLvL9d4VpLRxOzrM6+KhldxG5QNRIQTIE2Cw4xMop4nURLrP
+7z1KxM6o1U/lqLSO0GDBfyZS0xhNg8xN7nMObP/YiZYKse5BfLD8kXmhH0DkhOBl
++DPo7Vk8Yhs+930YLzrwOXLOi0w1bfSuTKjIUIxLH7jHiJ7NITH179r+BcyOraG8
+thv9QsRnPfgM0xOwdIEUPVbay7Q4wD6ZBqGHba+U49USdcq7lS86nYJa1Z5/s4SV
+lx+Jpnxf4IDKxpP7fh/Rofj8LV/CcHbfAQIDAQABoxAwDjAMBgNVHRMEBTADAQH/
+MA0GCSqGSIb3DQEBBQUAA4IBAQDSJRHzhPW4fLzb0PSbRZDdmECYiMjvtktUTZtE
+n0ATPOkQME2n6l/5m28rs+25wqhYrELhRVxE1SOBQQCmkUnxuSpI7+KgYJwetl7W
+IJZEWjC6R0NK05H44ZCNfDk/kNV1cq1Y78F3VtSfBm4ng6IOMf7NN8t8qyF1UEYT
+eZzasoFf1Njxnkg9ry1bCISGoU6swmZlE00h1JFV5xhg8rxDMzQCQ8j3PbH+8C40
+jQasBuBIb7z9XUfveeoRBWsPa0wlydYbJJo+i8HgF8Wg+qn6BG03A+1IuzzfgzLf
+o/aUGK98gi8JKPJ+GPVGBQqOk5UpT8RcyxdMGm7ZlE/TwXHd
+-----END CERTIFICATE-----

data/example/cacerts1/ca_key.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,B42AD5E6BF9AB7CCD39BC79D260E73BC
+
+PpbaxpBrgNeW85QjfZZaU8egw5bow3QX1eqZXeJW5+Kol7vRz9aciOeCVZ56IUfj
+8hivC2g5rHwwCMpipFoX6+Q1H+hfQZCuEgL8Ea7h8VTnHd6fxSQjUiTJdcmIsuPI
+3WaLPQm22mbkrEUOe4mwq5qu0YiKUdF9ExtZoiSKnaV+oHvFrOmOMGY3L8HlscpZ
+/qKEKp3bgJbsEPNHHW9VSU2ds8RUcWr9/MwAcAQJUTOpl7o4kAg5mCd/kx5tU2TW
+kkt2YBPxkUEZoww5aThjgMVyg4C6hF2jM1nNlaGpHMZ7SuZTJW7dw5T2aQv+s2G6
+6/9LD54PE07/cF7x+RlZ22q0ibPyLzJiu7rKBb5KwNgdnwQCq/c7dJaQsk1M3c5t
+mzoTn6JqKmyaWWrELD1EJq6ttcpMxCSb7UTpZxB3zMqsReplPgaOHx3V8Fi0mFup
+kmN4p5fMOm8PCSo3eSTyQzOpRyrYtZ24AorLZ1Tu1xAT5xl0S8kLxiulovKBAzS9
+h8dfpoCWZfn90I9NigrfKkQ4WxPizZAjwteYuhZ2GYfILz9ctLEcWhYMFzj65ahM
+Vo1w8Bb8rQ/sdgJlfu6V8C64b0UVvyacWSbWRHObhcVEeMLId+8cdR1EzhrWNvAb
+rpZia9bFxKZTIHuRbGhn7eEelZ4FEXsq97dn3a71pooQPEOUIbTEEI1zd3KaKsu6
+AtPm3pMij8AMPfUQA6UGA/5v0xU18fz90UWfjx3EzlOcHXK1iswFXZYJNy3BR4ao
+de01Nino5C88YXjuUSFFf75jL1Kw7zgLLGwfPvFYz57R2P9ujZ/0QjkFAq1C2Mti
+MaUFbBdy6mqE0vcUnrARpjWKuDr+wTm34miWmbF3WIjZQC3j4Q4zqbIZ28O+5pfP
+l12n2bGN6c7lqP7ueaOYXXI+4av/R29A89/9xFJ/cMJlmbfVwYKzLHWI7yRYFmAC
+HhUDWqyY/2bX5NF/OQNgWXJOG5mEgq42ygPFpNyF6Z8BeuGPnfwIQDf4X6kz5vP3
+a6kigDgs2Ma4AU9ZMiWOGDnUgSBQF00gECEkNV9b5scGyiqAsuvY/QTWDw04v+6E
+VI4ctDRkrJHc8Q+rWbFTsr3Za6LxjDo3LDbnWPG7e6tSEjW9fdJLtTvmB8klIa3J
+131YCkCXIKr5gs/AmyH7ccF7UCMuFA55TK1ZMIwwVIHmAmmwV0LZ63Syy8xWRrMk
+aieZTLovxJMybCW87X/AXcIlRFAHuy9+V35xrmeq3r1O7PG5aKlWXwSKGTAILQzl
+w0pIALqwAtHSXGnOIHtyQeu/AhZhVGEqb8uwa/7LGdchIxW/VOw+jzQFQTd/o/uO
+bNcFbs7iDTvOKmVOkAnKUG48ETe12mYiyn4HxHl8pDR2WGBN32VfbRkzKHVYhWcX
+xDwzMAfMH73pMGvdpTfZVI8GRcZEuPz0JvieQe4Esu6qHKgR8q9Onkl6RlqT9qVs
+8don37z0MA6ZKja3L56ObeVwRA1C4t1GDNyjB0bL1bMDnShPJSqROvEEhxt8AnHc
+XrrAnePUWah2DXqYxKKwahfdjdQjPX+kU+vy++izEj5QdFF84KOZJAeTYtRxTmlf
+-----END RSA PRIVATE KEY-----

data/example/cacerts2/ca_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAggCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRkwFwYDVQQDDBBTZWN1cmVG
+b3J3YXJkIENBMB4XDTcwMDEwMTAwMDAwMFoXDTIxMDcyODA0MzI1MlowTTELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRkw
+FwYDVQQDDBBTZWN1cmVGb3J3YXJkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtBX3hMotHdbUuIy9jnmHHUI2Pcn+hQnZzDw77ynEAtaFMchSTTeB
+etMl7FkaGYpEZSXEfCZmzZgbhTlh2Dq9TinqN3QqYij/zH0VN1jRjAWiHMSsz5E0
+cLvpLTm2oIrvJToMulAF2duH2hvPsnbBLV7Bm5sfzxSoMD6UM+yjkSyjSq9RlM6g
+QS3BsJc2+OOFzSpHw+h/H/xaqQPYscU9a4SWGsJKoP/il4dM8DZTiZUZW/3LD45C
+0J/t/qjbrWUhAnHa1iCVN9UYiq+AhBq+luOR6ZXQ847YFsjF9IL3SNrkFSI1cjl5
+6l3DxsuGSkWCMT+mUfr+W0BSnq1ShElOdQIDAQABoxAwDjAMBgNVHRMEBTADAQH/
+MA0GCSqGSIb3DQEBBQUAA4IBAQBr0Vt8xiic10D+zaJZebbGXn5zvkKPz9YgEJGj
+u37CPmlf46rk3Bpmm64QYzbliRUMfJ0uQc66k/0qvNgfokahHmV6QOsk7LpAFBKC
+pxyEH6w7iADP8IO+rMmnTrOGGIarjFOCkTNyR5TPHPQTIKY3Gf/yLIXguXEG7mKH
+40EJbN7KhxywO/oKW8a02Quv2vVQQjXBRLejuxK+JJvDzxRQoTFsvYtL5uJMwR5m
+IkGAdtMOwoqz4pY+mFnifjwpKy1llIk47RkbLx3uVb0y+OrWxh+KmF9sHuvnFDh7
+1vctdqOHQWc2RlprPO9Yxb7sBIVktWaOyU2JTjDmaS5BvXZu
+-----END CERTIFICATE-----

data/example/cacerts2/ca_key.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,B40E264210E818183F1296FDE1900ABA
+
+tPAdiPpZx0kEVsd1P668AH/lpGzc7YsLiy8hwUuleW39bi3aF+MC2f5oVhp8l3+B
+AT5LWsAsPooUX2lR2hGqcBsxr/u4bOtTTDRQjmqONWr1RdcTf10uM013mU6w/K4e
+qlj3+JiR1foBHmVyz47N+U93S5WhtSvfw5767QTnuNVP2N+ZYoVfloLz4ph+gcn4
+k9HPM0bsQMlXikFC3GU4P7Jw8vQPaiv7Jp34GOfX8kSiYvZJ/IhHe8RCytgPHDTr
+1lB7NNBC3ez0EkqGswPwRIYVbn2cR2bOzOdj12IROszdn8xK4iqOlZ7J/n30+Wq6
+KTBPF7NC04ie6cIfyr3gpYU5QiM5W+No5vYb8XjqryJSfyXtV0cf2vKlHChwBM/1
+HKe4p8JB3tGZ6oY3PWPl5z3h34t5H/c33DAhaCbAtJow1HUqgyGsscDKBnyBRTbx
+16bEZh533E0R2fvlAQNkAi2fQhJ12HV1mlZT3iY9cV2mfTQMxwfryqm8NmZpDaWB
+5qqJxlAg5fhRCLNbPz4ln3AAwyafR9e+C04kr1CqvxXKDQkPMBvlEMpMVYrl/ZVc
+wSqRuYChpMENk9tPEpqP9tnF4nIuWo4lJ2SxuYQa9Rf/RkTzulwMP1m8Vfn4F6EZ
+N66cf9iAnqlgaMWn/m2LnZO4OXkNUfQSvcZT0YjfP5RwOVs8reeSCVNjZyJyCHGS
+ROXAATGoJiSSaJYQgc1qmIQzJskMwAqZFKjM++gmD7Ba3gSmosmjKG2BJZmQcfBR
+ostQmS3yebsNE7RZRtI1oxI50QdZ5X6a8MEXRZTa0sHGppCXcSQ45IO7Ag1snNsa
+SfFeFOHwVv8RzKRLDSQBYK706onY2UuBTAuM+qpcOaO24H5sWB3MWICqGZde62Ff
+vBpo7CJfDbyR/jH/JtxbRL2qTDLRMccQlcEt5HIrnfkhE9boh6USSqtiINNe8R8R
+xtVYkCDuq1S7o2saGF40PHYPQMICV3e4I2/r44YGFAasbsAn2eBibpkWErFFaPfl
+lLUGTTKfFJCDTV1qikxq1StKBMOimPQLhn/KP+YNUzDeP15KABYhcgvRBhpcxZfw
+CLnTC+BTOddTd1A2imRn6q5BaF7EvE3bAnmhq14wK/c7ykMKT//R3vvFD47qhXLF
+vvv9PdTyxEGeNM4Mu5uwapUWo5gV1+aDqg3UoR0hszEWK60dkC4sTI5DaZbmhRh2
+JezoQATQnZ19XeEKQTt6XMi9goTzQ5c63TDGnYlCds/KV3fV5i0cQmSJCdsBtlnW
+8wPY0f/ejgdVU2AaxeWgPi7ivuT1/FU5F/TRNZRBigUH8vyXRRHjFC1S6Zl7d5bA
+Fp/Axpr2KxFlVFKzz0lmoYw9pO2mOMd1MQSTmHt81GZleyMpt6Rb0/QCa5dElRv6
+5YSY0jlEVfFomqO/gkuD2FduYrG5pvnFycELwEoLgkdQJUOKGKFWnAe8ZOnMfflZ
+4zODkvxAm0wbAw8PCPRL0l1/hHntt7f5cTKw1NiHwrvjJD8Umi/W4/7AsRZyHw0o
+9OBMQgliw0fKqo9ZY6y+tj+R7SomzWO7+8j6cGjDAJTxwbUwp/jQ9OG0XtxRHt/D
+-----END RSA PRIVATE KEY-----

data/example/cert_c.conf

@@ -1,14 +1,14 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
+  @type secure_forward
   secure yes
   enable_strict_verification yes
   self_hostname client
   shared_key norikra2
-  ca_cert_path /Users/tagomoris/github/fluent-plugin-secure-forward/root.pem
+  ca_cert_path "#{Dir.pwd}/example/root.pem"
   <server>
     host 127.0.0.1
     hostlabel testing.fluentd.org

data/example/cert_client.conf

@@ -1,21 +1,19 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
+  @type secure_forward
   secure yes
   self_hostname client
-  #shared_key hogeposxxx0
-  shared_key wrong_shared_key
+  shared_key hogeposxxx0
+  enable_strict_verification yes
   <server>
-    host localhost
+    host 127.0.0.1
     hostlabel tagomoris
     shared_key hogeposxxx1
     username tagomoris
     password 001122
-    # password XXYYZZ
-    # password wrong_pass
   </server>
   flush_interval 1s
 </match>

data/example/cert_copy_client.conf

@@ -0,0 +1,35 @@
+<source>
+  @type forward
+</source>
+
+<match test.**>
+  @type copy
+  <store>
+    @type secure_forward
+    secure yes
+    self_hostname client
+    shared_key hogeposxxx0
+    ca_cert_path "#{Dir.pwd}/example/cacerts1/ca_cert.pem"
+    enable_strict_verification yes
+    <server>
+      host localhost
+      port 24284
+      hostlabel server_a.local
+    </server>
+    flush_interval 1s
+  </store>
+  <store>
+    @type secure_forward
+    secure yes
+    self_hostname client
+    shared_key hogeposxxx0
+    ca_cert_path "#{Dir.pwd}/example/cacerts2/ca_cert.pem"
+    enable_strict_verification yes
+    <server>
+      host localhost
+      port 24285
+      hostlabel server_a.local
+    </server>
+    flush_interval 1s
+  </store>
+</match>

data/example/cert_copy_server_a.conf

@@ -0,0 +1,16 @@
+<source>
+  @type secure_forward
+  port 24284
+  secure yes
+  self_hostname server_a.local
+  shared_key hogeposxxx0
+  ca_cert_path        "#{Dir.pwd}/example/cacerts1/ca_cert.pem"
+  ca_private_key_path "#{Dir.pwd}/example/cacerts1/ca_key.pem"
+  ca_private_key_passphrase "my secret"
+  allow_anonymous_source yes
+  authentication no
+</source>
+
+<match test.**>
+  @type stdout
+</match>

data/example/cert_copy_server_b.conf

@@ -0,0 +1,16 @@
+<source>
+  @type secure_forward
+  port 24285
+  secure yes
+  self_hostname server_a.local
+  shared_key hogeposxxx0
+  ca_cert_path        "#{Dir.pwd}/example/cacerts2/ca_cert.pem"
+  ca_private_key_path "#{Dir.pwd}/example/cacerts2/ca_key.pem"
+  ca_private_key_passphrase "my secret 2"
+  allow_anonymous_source yes
+  authentication no
+</source>
+
+<match test.**>
+  @type stdout
+</match>

data/example/cert_i.conf

@@ -3,16 +3,16 @@
 # openssl s_client -connect testing.fluentd.org:24284 -showcerts
 
 <source>
-  type secure_forward
+  @type secure_forward
   secure yes
   self_hostname testing.fluentd.org
   shared_key norikra2
-  cert_path        /Users/tagomoris/github/fluent-plugin-secure-forward/example/certs/cert-with-intermediate.pem
-  private_key_path /Users/tagomoris/github/fluent-plugin-secure-forward/example/certs/key-for-with-intermediate.key
+  cert_path        "#{Dir.pwd}/example/certs/cert-with-intermediate.pem"
+  private_key_path "#{Dir.pwd}/example/certs/key-for-with-intermediate.key"
   private_key_passphrase norikra2
   authentication no
 </source>
 
 <match test.**>
-  type stdout
+  @type stdout
 </match>

data/example/cert_server.conf

@@ -1,13 +1,11 @@
 <source>
-  type secure_forward
+  @type secure_forward
   secure yes
-  self_hostname server
-  # self_hostname tagomoris
+  self_hostname tagomoris
   shared_key hogeposxxx0
-  cert_path        /Users/tagomoris/Documents/fluent-plugin-secure-forward/example/certs/cert.pem
-  private_key_path /Users/tagomoris/Documents/fluent-plugin-secure-forward/example/certs/key.pem
-  # blank passphrase
-  private_key_passphrase 
+  cert_path        "#{Dir.pwd}/example/certs/cert.pem"
+  private_key_path "#{Dir.pwd}/example/certs/key.pem"
+  private_key_passphrase # blank passphrase
   allow_anonymous_source no
   authentication yes
   <user>
@@ -23,13 +21,12 @@
     password XXYYZZ
   </user>
   <client>
-    host localhost
+    host 127.0.0.1
     users tagomoris
     shared_key hogeposxxx1
-    # users sugomoris
   </client> 
 </source>
 
 <match test.**>
-  type stdout
+  @type stdout
 </match>

data/example/client.conf

@@ -1,24 +1,16 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
+  @type secure_forward
   secure yes
   self_hostname client
   shared_key hogeposxxx0
   keepalive 30
-  ca_cert_path /Users/tagomoris/github/fluent-plugin-secure-forward/test/tmp/cadir/ca_cert.pem
+  ca_cert_path "#{Dir.pwd}/test/tmp/cadir/ca_cert.pem"
   enable_strict_verification yes
   <server>
     host localhost
   </server>
-  # <server>
-  #   host localhost
-  #   standby yes
-  # </server>
-  # <server>
-  #   host localhost
-  # </server>
-  flush_interval 1s
 </match>

data/example/client_proxy.conf

@@ -1,26 +1,18 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
+  @type secure_forward
   secure yes
   self_hostname client
   shared_key hogeposxxx0
   keepalive 30
-  ca_cert_path /Users/tagomoris/github/fluent-plugin-secure-forward/test/tmp/cadir/ca_cert.pem
+  ca_cert_path "#{Dir.pwd}/test/tmp/cadir/ca_cert.pem"
   enable_strict_verification yes
   <server>
     proxy_uri http://foo.foo.local:3128
     host localhost
   </server>
-  # <server>
-  #   proxy_uri http://bar.bar.local:3128
-  #   host localhost
-  #   standby yes
-  # </server>
-  # <server>
-  #   host localhost
-  # </server>
   flush_interval 1s
 </match>

data/example/insecure_client.conf

@@ -1,9 +1,9 @@
 <source>
-  type forward
+  @type forward
 </source>
 
 <match test.**>
-  type secure_forward
+  @type secure_forward
   secure no
   self_hostname client
   shared_key hogeposxxx0
@@ -12,12 +12,5 @@
   <server>
     host localhost
   </server>
-  # <server>
-  #   host localhost
-  #   standby yes
-  # </server>
-  # <server>
-  #   host localhost
-  # </server>
   flush_interval 1s
 </match>

data/example/insecure_server.conf

@@ -1,10 +1,10 @@
 <source>
-  type secure_forward
+  @type secure_forward
   secure no
   self_hostname localhost
   shared_key hogeposxxx0
 </source>
 
 <match test.**>
-  type stdout
+  @type stdout
 </match>

data/example/server.conf

@@ -1,13 +1,13 @@
 <source>
-  type secure_forward
+  @type secure_forward
   secure yes
   self_hostname localhost
   shared_key hogeposxxx0
-  ca_cert_path        /Users/tagomoris/github/fluent-plugin-secure-forward/test/tmp/cadir/ca_cert.pem
-  ca_private_key_path /Users/tagomoris/github/fluent-plugin-secure-forward/test/tmp/cadir/ca_key.pem
+  ca_cert_path        "#{Dir.pwd}/test/tmp/cadir/ca_cert.pem"
+  ca_private_key_path "#{Dir.pwd}/test/tmp/cadir/ca_key.pem"
   ca_private_key_passphrase testing secret phrase
 </source>
 
 <match test.**>
-  type stdout
+  @type stdout
 </match>

data/fluent-plugin-secure-forward.gemspec

@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |gem|
   gem.name          = "fluent-plugin-secure-forward"
-  gem.version       = "0.4.2"
+  gem.version       = "0.4.3"
   gem.authors       = ["TAGOMORI Satoshi"]
   gem.email         = ["tagomoris@gmail.com"]
   gem.summary       = %q{Fluentd input/output plugin to forward over SSL with authentications}
@@ -15,7 +15,6 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
 
   gem.add_runtime_dependency "fluentd", ">= 0.10.46"
-  gem.add_runtime_dependency "fluent-mixin-config-placeholders", ">= 0.3.0"
   gem.add_runtime_dependency "resolve-hostname"
   gem.add_runtime_dependency "proxifier"
   gem.add_development_dependency "test-unit"

data/lib/fluent/plugin/in_secure_forward.rb

@@ -1,7 +1,12 @@
 # -*- coding: utf-8 -*-
 
 require 'fluent/input'
-require 'fluent/mixin/config_placeholders'
+
+require 'ipaddr'
+require 'socket'
+require 'openssl'
+require 'digest'
+require 'securerandom'
 
 module Fluent
   class SecureForwardInput < Input
@@ -19,8 +24,8 @@ module Fluent
 
     config_param :secure, :bool # if secure, cert_path or ca_cert_path required
 
+    config_param :hostname, :string, default: nil # This is evaluated after rewriting conf in fact.
     config_param :self_hostname, :string
-    include Fluent::Mixin::ConfigPlaceholders
 
     config_param :shared_key, :string, secret: true
 
@@ -73,15 +78,6 @@ module Fluent
 
     attr_reader :sessions # node/socket/thread list which has sslsocket instance keepaliving to client
 
-    def initialize
-      super
-      require 'ipaddr'
-      require 'socket'
-      require 'openssl'
-      require 'digest'
-      require 'securerandom'
-    end
-
     # Define `log` method for v0.10.42 or earlier
     unless method_defined?(:log)
       define_method("log") { $log }
@@ -92,7 +88,32 @@ module Fluent
       define_method("router") { Fluent::Engine }
     end
 
+    def initialize
+      super
+      @cert = nil
+    end
+
+    HOSTNAME_PLACEHOLDERS = [ '__HOSTNAME__', '${hostname}' ]
+
+    def replace_hostname_placeholder(conf, hostname)
+      replace_element = ->(c) {
+        c.keys.each do |key|
+          v = c[key]
+          if v && v.respond_to?(:include?) && v.respond_to?(:gsub)
+            if HOSTNAME_PLACEHOLDERS.any?{|ph| v.include?(ph) }
+              c[key] = HOSTNAME_PLACEHOLDERS.inject(v){|r, ph| r.gsub(ph, hostname) }
+            end
+          end
+        end
+        c.elements.each{|e| replace_element.call(e) }
+      }
+      replace_element.call(conf)
+    end
+
     def configure(conf)
+      hostname = conf.has_key?('hostname') ? conf['hostname'].to_s : Socket.gethostname
+      replace_hostname_placeholder(conf, hostname)
+
       super
 
       if @secure

data/lib/fluent/plugin/input_session.rb

@@ -72,7 +72,7 @@ class Fluent::SecureForwardInput::Session
     unless message.size == 6 && message[0] == 'PING'
       return false, 'invalid ping message'
     end
-    ping, hostname, shared_key_salt, shared_key_hexdigest, username, password_digest = message
+    _ping, hostname, shared_key_salt, shared_key_hexdigest, username, password_digest = message
 
     shared_key = if @node && @node[:shared_key]
                    @node[:shared_key]
@@ -156,7 +156,7 @@ class Fluent::SecureForwardInput::Session
       return
     end
 
-    proto, port, host, ipaddr = @socket.io.peeraddr
+    _proto, port, host, ipaddr = @socket.io.peeraddr
     @node = check_node(ipaddr)
     if @node.nil? && (! @receiver.allow_anonymous_source)
       log.warn "Connection required from unknown host '#{host}' (#{ipaddr}), disconnecting..."

data/lib/fluent/plugin/out_secure_forward.rb

@@ -1,7 +1,12 @@
 # -*- coding: utf-8 -*-
 
 require 'fluent/output'
-require 'fluent/mixin/config_placeholders'
+
+require 'socket'
+require 'openssl'
+require 'digest'
+require 'resolve/hostname'
+require 'securerandom'
 
 module Fluent
   class SecureForwardOutput < ObjectBufferedOutput
@@ -18,8 +23,8 @@ module Fluent
 
     config_param :secure, :bool
 
+    config_param :hostname, :string, default: nil # This is evaluated after rewriting conf in fact.
     config_param :self_hostname, :string
-    include Fluent::Mixin::ConfigPlaceholders
 
     config_param :shared_key, :string, secret: true
 
@@ -62,21 +67,32 @@ module Fluent
 
     attr_reader :hostname_resolver
 
-    def initialize
-      super
-      require 'socket'
-      require 'openssl'
-      require 'digest'
-      require 'resolve/hostname'
-      require 'securerandom'
-    end
-
     # Define `log` method for v0.10.42 or earlier
     unless method_defined?(:log)
       define_method("log") { $log }
     end
 
+    HOSTNAME_PLACEHOLDERS = [ '__HOSTNAME__', '${hostname}' ]
+
+    def replace_hostname_placeholder(conf, hostname)
+      replace_element = ->(c) {
+        c.keys.each do |key|
+          v = c[key]
+          if v && v.respond_to?(:include?) && v.respond_to?(:gsub)
+            if HOSTNAME_PLACEHOLDERS.any?{|ph| v.include?(ph) }
+              c[key] = HOSTNAME_PLACEHOLDERS.inject(v){|r, ph| r.gsub(ph, hostname) }
+            end
+          end
+        end
+        c.elements.each{|e| replace_element.call(e) }
+      }
+      replace_element.call(conf)
+    end
+
     def configure(conf)
+      hostname = conf.has_key?('hostname') ? conf['hostname'].to_s : Socket.gethostname
+      replace_hostname_placeholder(conf, hostname)
+
       super
 
       if @secure
@@ -84,7 +100,7 @@ module Fluent
           raise Fluent::ConfigError, "CA cert file not found nor readable at '#{@ca_cert_path}'" unless File.readable?(@ca_cert_path)
           begin
             OpenSSL::X509::Certificate.new File.read(@ca_cert_path)
-          rescue OpenSSL::X509::CertificateError => e
+          rescue OpenSSL::X509::CertificateError
             raise Fluent::ConfigError, "failed to load CA cert file"
           end
         else

data/lib/fluent/plugin/output_node.rb

@@ -166,7 +166,7 @@ class Fluent::SecureForwardOutput::Node
     unless message.size == 5 && message[0] == 'PONG'
       return false, 'invalid format for PONG message'
     end
-    pong, auth_result, reason, hostname, shared_key_hexdigest = message
+    _pong, auth_result, reason, hostname, shared_key_hexdigest = message
 
     unless auth_result
       return false, 'authentication failed: ' + reason
@@ -227,8 +227,14 @@ class Fluent::SecureForwardOutput::Node
     Thread.current.abort_on_exception = true
     log.debug "starting client"
 
-    addr = @sender.hostname_resolver.getaddress(@host)
-    log.debug "create tcp socket to node", host: @host, address: addr, port: @port
+    begin
+      addr = @sender.hostname_resolver.getaddress(@host)
+      log.debug "create tcp socket to node", host: @host, address: addr, port: @port
+    rescue => e
+      log.warn "failed to resolve the hostname", error_class: e.class, error: e, host: @host
+      @state = :failed
+      return
+    end
 
     begin
       if @proxy_uri.nil? then

data/test/plugin/test_in_secure_forward.rb

@@ -234,4 +234,37 @@ CONFIG
   ca_private_key_passphrase testing secret phrase
 CONFIG
   end
+
+  def test_configure_using_hostname
+    my_system_hostname = Socket.gethostname
+
+    d = create_driver(%[
+      secure false
+      shared_key    secret_string
+      self_hostname ${hostname}
+    ])
+    assert_equal my_system_hostname, d.instance.self_hostname
+
+    d = create_driver(%[
+      secure false
+      shared_key    secret_string
+      self_hostname __HOSTNAME__
+    ])
+    assert_equal my_system_hostname, d.instance.self_hostname
+
+    d = create_driver(%[
+      secure false
+      shared_key    secret_string
+      self_hostname test.${hostname}
+    ])
+    assert_equal "test.#{my_system_hostname}", d.instance.self_hostname
+
+    d = create_driver(%[
+      secure false
+      shared_key    secret_string
+      hostname dummy.local
+      self_hostname test.${hostname}
+    ])
+    assert_equal "test.dummy.local", d.instance.self_hostname
+  end
 end

data/test/plugin/test_out_secure_forward.rb

@@ -144,4 +144,53 @@ CONFIG
   </server>
 CONFIG
   end
+
+  def test_configure_using_hostname
+    my_system_hostname = Socket.gethostname
+
+    d = create_driver(%[
+      secure no
+      shared_key secret_string
+      self_hostname ${hostname}
+      <server>
+        host server.fqdn.local  # or IP
+        # port 24284
+      </server>
+    ])
+    assert_equal my_system_hostname, d.instance.self_hostname
+
+    d = create_driver(%[
+      secure no
+      shared_key secret_string
+      self_hostname __HOSTNAME__
+      <server>
+        host server.fqdn.local  # or IP
+        # port 24284
+      </server>
+    ])
+    assert_equal my_system_hostname, d.instance.self_hostname
+
+    d = create_driver(%[
+      secure no
+      shared_key secret_string
+      self_hostname test.${hostname}
+      <server>
+        host server.fqdn.local  # or IP
+        # port 24284
+      </server>
+    ])
+    assert_equal "test.#{my_system_hostname}", d.instance.self_hostname
+
+    d = create_driver(%[
+      secure no
+      shared_key secret_string
+      hostname dummy.local
+      self_hostname test.${hostname}
+      <server>
+        host server.fqdn.local  # or IP
+        # port 24284
+      </server>
+    ])
+    assert_equal "test.dummy.local", d.instance.self_hostname
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-secure-forward
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.3
 platform: ruby
 authors:
 - TAGOMORI Satoshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-04 00:00:00.000000000 Z
+date: 2016-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -24,20 +24,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.10.46
-- !ruby/object:Gem::Dependency
-  name: fluent-mixin-config-placeholders
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.3.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: resolve-hostname
   requirement: !ruby/object:Gem::Requirement
@@ -111,8 +97,15 @@ files:
 - bin/secure-forward-ca-generate
 - example/auth_client.conf
 - example/auth_server.conf
+- example/cacerts1/ca_cert.pem
+- example/cacerts1/ca_key.pem
+- example/cacerts2/ca_cert.pem
+- example/cacerts2/ca_key.pem
 - example/cert_c.conf
 - example/cert_client.conf
+- example/cert_copy_client.conf
+- example/cert_copy_server_a.conf
+- example/cert_copy_server_b.conf
 - example/cert_i.conf
 - example/cert_server.conf
 - example/certs/cert-with-intermediate.pem