fluent-plugin-splunk-hec 1.1.2 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (18) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +2 -0
  3. data/Gemfile.lock +125 -14
  4. data/README.md +136 -74
  5. data/Rakefile +6 -1
  6. data/VERSION +1 -1
  7. data/fluent-plugin-splunk-hec.gemspec +9 -3
  8. data/lib/fluent/plugin/out_splunk.rb +313 -0
  9. data/lib/fluent/plugin/{out_splunk_hec → out_splunk}/match_formatter.rb +5 -3
  10. data/lib/fluent/plugin/out_splunk/version.rb +3 -0
  11. data/lib/fluent/plugin/out_splunk_hec.rb +130 -190
  12. data/lib/fluent/plugin/out_splunk_hec/version.rb +2 -0
  13. data/lib/fluent/plugin/out_splunk_ingest_api.rb +109 -0
  14. data/test/fluent/plugin/out_splunk_hec_test.rb +232 -221
  15. data/test/fluent/plugin/out_splunk_ingest_api_test.rb +244 -0
  16. data/test/test_helper.rb +10 -7
  17. metadata +82 -23
  18. data/test/lib/webmock/http_lib_adapters/httpclient_adapter.rb +0 -0
data/test/fluent/plugin/out_splunk_ingest_api_test.rb ADDED
@@ -0,0 +1,244 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ describe Fluent::Plugin::SplunkIngestApiOutput do
6
+ include Fluent::Test::Helpers
7
+ include PluginTestHelper
8
+
9
+ INGEST_API_ENDPOINT = 'https://api.splunkbeta.com/tenant_name/ingest/v1beta2/events'
10
+ AUTH_TOKEN_ENDPOINT = 'https://api.splunkbeta.com/system/identity/v1/token'
11
+
12
+ before { Fluent::Test.setup } # setup router and others
13
+
14
+ it { expect(::Fluent::Plugin::SplunkIngestApiOutput::VERSION).wont_be_nil }
15
+
16
+ describe 'Required configs validation' do
17
+ it 'should have required fields' do
18
+ expect { create_api_output_driver }.must_raise Fluent::ConfigError
19
+ end
20
+
21
+ describe 'good_config' do
22
+ it {
23
+ instance = create_api_output_driver('service_client_identifier service_client_id',
24
+ 'service_client_secret_key secret_key',
25
+ 'ingest_api_tenant tenant_name').instance
26
+ expect(instance.service_client_identifier).must_equal 'service_client_id'
27
+ expect(instance.service_client_secret_key).must_equal 'secret_key'
28
+ expect(instance.ingest_api_tenant).must_equal 'tenant_name'
29
+ }
30
+ end
31
+ describe 'invalid host' do
32
+ it {
33
+ expect do
34
+ create_api_output_driver('ingest_api_host %bad-host%',
35
+ 'service_client_identifier service_client_id',
36
+ 'service_client_secret_key secret_key',
37
+ 'ingest_api_tenant tenant_name')
38
+ end.must_raise Fluent::ConfigError
39
+ }
40
+ end
41
+ describe 'missing tenant name' do
42
+ it {
43
+ expect do
44
+ create_api_output_driver('ingest_api_host %bad-host%',
45
+ 'service_client_identifier service_client_id',
46
+ 'service_client_secret_key secret_key',
47
+ 'ingest_api_tenant tenant_name')
48
+ end.must_raise Fluent::ConfigError
49
+ }
50
+ end
51
+ describe 'missing client identifier' do
52
+ it {
53
+ expect do
54
+ create_api_output_driver('ingest_api_host %bad-host%',
55
+ 'service_client_secret_key secret_key',
56
+ 'ingest_api_tenant tenant_name')
57
+ end.must_raise Fluent::ConfigError
58
+ }
59
+ end
60
+
61
+ describe 'missing secret key' do
62
+ it {
63
+ expect do
64
+ create_api_output_driver('ingest_api_host %bad-host%',
65
+ 'service_client_identifier service_client_id',
66
+ 'ingest_api_tenant tenant_name')
67
+ end.must_raise Fluent::ConfigError
68
+ }
69
+ end
70
+ end
71
+
72
+ it 'should not fail to start when provided bad auth' do
73
+ stub_failed_auth
74
+ driver = create_api_output_driver('service_client_identifier service_client_id',
75
+ 'service_client_secret_key secret_key',
76
+ 'ingest_api_tenant tenant_name')
77
+ driver.run
78
+ end
79
+
80
+ it 'should send request to Splunk' do
81
+ req = verify_sent_events do |batch|
82
+ expect(batch.size).must_equal 2
83
+ end
84
+ expect(req).must_be_requested times: 1
85
+ end
86
+
87
+ it 'should have an index in the attributes slot' do
88
+ verify_sent_events(conf: %(
89
+ index my_index
90
+ )) do |batch|
91
+ batch.each do |item|
92
+ expect(item['attributes']['index']).must_equal 'my_index'
93
+ end
94
+ end
95
+ end
96
+
97
+ it 'should have attrbutes not fields' do
98
+ verify_sent_events do |batch|
99
+ batch.each do |item|
100
+ expect(item).wont_include :fields
101
+ expect(item).includes :attributes
102
+ end
103
+ end
104
+ end
105
+
106
+ it 'should have body not event' do
107
+ verify_sent_events do |batch|
108
+ batch.each do |item|
109
+ expect(item).wont_include :event
110
+ expect(item).includes :body
111
+ end
112
+ end
113
+ end
114
+
115
+ it 'should have a timestamp and nanos' do
116
+ verify_sent_events do |batch|
117
+ batch.each do |item|
118
+ expect(item).wont_include :time
119
+ expect(item).includes :timestamp
120
+ expect(item).includes :nanos
121
+ end
122
+ end
123
+ end
124
+
125
+ it 'should raise error on 401/429 to force retry' do
126
+ # Try to quiet this down some.
127
+ report_on_exception = Thread.report_on_exception
128
+ Thread.report_on_exception = false
129
+ begin
130
+ expect do
131
+ verify_sent_events status: 429
132
+ end.must_raise RuntimeError
133
+
134
+ expect do
135
+ verify_sent_events status: 401
136
+ end.must_raise RuntimeError
137
+ ensure
138
+ Thread.report_on_exception = report_on_exception
139
+ end
140
+ end
141
+
142
+ it 'should not send an empty log message' do
143
+ verify_sent_events conf: %(
144
+ <format>
145
+ @type single_value
146
+ message_key log
147
+ add_newline false
148
+ </format>), event: { 'log' => "\n" } do |batch|
149
+ batch.each do |_item|
150
+ raise 'No message should be sent'
151
+ end
152
+ end
153
+ end
154
+
155
+ # it 'should send index from filters' do
156
+ # verify_sent_events conf: %[
157
+ # <filter>
158
+ # @type record_transformer
159
+ # enable_ruby
160
+ # <record>
161
+ # index ${ENV['SPLUNK_INDEX']}
162
+ # </record>
163
+ # </filter>
164
+ # ], event: {"log" => "This is the log", "index" => "indexname"} do |batch|
165
+ # batch.each do |item|
166
+ # item[:attrbutes][:index].
167
+ # fail "No message should be sent"
168
+ # end
169
+ # end
170
+ # end
171
+
172
+ def create_api_output_driver(*configs)
173
+ Fluent::Test::Driver::Output.new(Fluent::Plugin::SplunkIngestApiOutput).tap do |d|
174
+ d.configure(configs.join("\n"))
175
+ end
176
+ end
177
+
178
+ DEFAULT_EVENT = {
179
+ log: 'everything is good',
180
+ level: 'info',
181
+ from: 'my_machine',
182
+ file: 'cool.log',
183
+ value: 100,
184
+ agent: {
185
+ name: 'test',
186
+ version: '1.0.0'
187
+ }
188
+ }.freeze
189
+
190
+ def verify_sent_events(args = {})
191
+ conf = args[:conf] || ''
192
+ event = args[:event] || DEFAULT_EVENT
193
+ status = args[:status] || 200
194
+
195
+ events = [
196
+ ['tag.event1', event_time, { id: '1st' }.merge(Marshal.load(Marshal.dump(event)))],
197
+ ['tag.event2', event_time, { id: '2nd' }.merge(Marshal.load(Marshal.dump(event)))]
198
+ ]
199
+
200
+ @driver = create_api_output_driver('service_client_identifier service_client_id',
201
+ 'service_client_secret_key secret_key',
202
+ 'ingest_api_tenant tenant_name',
203
+ conf)
204
+
205
+ api_req = if status == 200
206
+ stub_successful_api_request.with do |r|
207
+ yield r.body.split(/(?={)\s*(?<=})/).map { |item| JSON.load item }.first
208
+ end
209
+ else
210
+ stub_failed_api_request status
211
+ end
212
+
213
+ @driver.run do
214
+ events.each { |evt| @driver.feed *evt }
215
+ end
216
+
217
+ api_req
218
+ end
219
+
220
+ def stub_successful_auth
221
+ stub_request(:post, AUTH_TOKEN_ENDPOINT)
222
+ .to_return(body: '{"access_token":"bearer token","token_type":"Bearer","expires_in":432000,"scope":"client_credentials"}')
223
+ end
224
+
225
+ def stub_failed_auth
226
+ stub_request(:post, AUTH_TOKEN_ENDPOINT)
227
+ .to_return(status: 401,
228
+ body: '{"error":"invalid_client","error_description":"The client secret supplied for a confidential client is invalid."}')
229
+ end
230
+
231
+ def stub_successful_api_request
232
+ stub_successful_auth
233
+
234
+ stub_request(:post, INGEST_API_ENDPOINT)
235
+ .to_return(body: '{"message":"Success","code":"SUCCESS"}')
236
+ end
237
+
238
+ def stub_failed_api_request(status)
239
+ stub_successful_auth
240
+
241
+ stub_request(:post, INGEST_API_ENDPOINT)
242
+ .to_return(body: '', status: status)
243
+ end
244
+ end
data/test/test_helper.rb CHANGED
@@ -1,9 +1,12 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'simplecov'
2
4
  SimpleCov.start
3
5
 
4
- $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
5
- $LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
6
+ $LOAD_PATH.unshift File.expand_path('../lib', __dir__)
7
+ $LOAD_PATH.unshift File.expand_path('lib', __dir__)
6
8
  require 'fluent/plugin/out_splunk_hec'
9
+ require 'fluent/plugin/out_splunk_ingest_api'
7
10
 
8
11
  require 'fluent/test'
9
12
  require 'fluent/test/driver/output'
@@ -17,7 +20,7 @@ module Minitest::Expectations
17
20
  infect_an_assertion :assert_not_requested, :wont_be_requested, :reverse
18
21
  end
19
22
 
20
- TEST_HEC_TOKEN = 'some-token'.freeze
23
+ TEST_HEC_TOKEN = 'some-token'
21
24
 
22
25
  module PluginTestHelper
23
26
  def fluentd_conf_for(*lines)
@@ -27,16 +30,16 @@ module PluginTestHelper
27
30
  (basic_config + lines).join("\n")
28
31
  end
29
32
 
30
- def create_output_driver(*configs)
31
- Fluent::Test::Driver::Output.new(Fluent::Plugin::SplunkHecOutput).tap { |d|
33
+ def create_hec_output_driver(*configs)
34
+ Fluent::Test::Driver::Output.new(Fluent::Plugin::SplunkHecOutput).tap do |d|
32
35
  d.configure(fluentd_conf_for(*configs))
33
- }
36
+ end
34
37
  end
35
38
 
36
39
  def stub_hec_request(endpoint)
37
40
  stub_request(:post, "#{endpoint}/services/collector")
38
41
  .with(headers: { 'Authorization' => "Splunk #{TEST_HEC_TOKEN}",
39
- 'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}" })
42
+ 'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}" })
40
43
  .to_return(body: '{"text":"Success","code":0}')
41
44
  end
42
45
  end
metadata CHANGED
@@ -1,27 +1,41 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-splunk-hec
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Splunk Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-06-12 00:00:00.000000000 Z
11
+ date: 2019-10-16 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: fluent-plugin-kubernetes_metadata_filter
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - '='
18
+ - !ruby/object:Gem::Version
19
+ version: 2.1.2
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '='
25
+ - !ruby/object:Gem::Version
26
+ version: 2.1.2
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: fluentd
15
29
  requirement: !ruby/object:Gem::Requirement
16
30
  requirements:
17
- - - "~>"
31
+ - - '='
18
32
  - !ruby/object:Gem::Version
19
33
  version: '1.4'
20
34
  type: :runtime
21
35
  prerelease: false
22
36
  version_requirements: !ruby/object:Gem::Requirement
23
37
  requirements:
24
- - - "~>"
38
+ - - '='
25
39
  - !ruby/object:Gem::Version
26
40
  version: '1.4'
27
41
  - !ruby/object:Gem::Dependency
@@ -52,6 +66,34 @@ dependencies:
52
66
  - - "~>"
53
67
  - !ruby/object:Gem::Version
54
68
  version: '3.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: openid_connect
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: 1.1.6
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: 1.1.6
83
+ - !ruby/object:Gem::Dependency
84
+ name: prometheus-client
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: 0.9.0
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: 0.9.0
55
97
  - !ruby/object:Gem::Dependency
56
98
  name: bundler
57
99
  requirement: !ruby/object:Gem::Requirement
@@ -81,61 +123,75 @@ dependencies:
81
123
  - !ruby/object:Gem::Version
82
124
  version: '12.0'
83
125
  - !ruby/object:Gem::Dependency
84
- name: test-unit
126
+ name: minitest
85
127
  requirement: !ruby/object:Gem::Requirement
86
128
  requirements:
87
129
  - - "~>"
88
130
  - !ruby/object:Gem::Version
89
- version: '3.0'
131
+ version: '5.0'
90
132
  type: :development
91
133
  prerelease: false
92
134
  version_requirements: !ruby/object:Gem::Requirement
93
135
  requirements:
94
136
  - - "~>"
95
137
  - !ruby/object:Gem::Version
96
- version: '3.0'
138
+ version: '5.0'
97
139
  - !ruby/object:Gem::Dependency
98
- name: minitest
140
+ name: rubocop
99
141
  requirement: !ruby/object:Gem::Requirement
100
142
  requirements:
101
143
  - - "~>"
102
144
  - !ruby/object:Gem::Version
103
- version: '5.0'
145
+ version: 0.63.1
104
146
  type: :development
105
147
  prerelease: false
106
148
  version_requirements: !ruby/object:Gem::Requirement
107
149
  requirements:
108
150
  - - "~>"
109
151
  - !ruby/object:Gem::Version
110
- version: '5.0'
152
+ version: 0.63.1
111
153
  - !ruby/object:Gem::Dependency
112
- name: webmock
154
+ name: simplecov
113
155
  requirement: !ruby/object:Gem::Requirement
114
156
  requirements:
115
157
  - - "~>"
116
158
  - !ruby/object:Gem::Version
117
- version: 3.5.0
159
+ version: 0.16.1
118
160
  type: :development
119
161
  prerelease: false
120
162
  version_requirements: !ruby/object:Gem::Requirement
121
163
  requirements:
122
164
  - - "~>"
123
165
  - !ruby/object:Gem::Version
124
- version: 3.5.0
166
+ version: 0.16.1
125
167
  - !ruby/object:Gem::Dependency
126
- name: simplecov
168
+ name: test-unit
127
169
  requirement: !ruby/object:Gem::Requirement
128
170
  requirements:
129
171
  - - "~>"
130
172
  - !ruby/object:Gem::Version
131
- version: 0.16.1
173
+ version: '3.0'
132
174
  type: :development
133
175
  prerelease: false
134
176
  version_requirements: !ruby/object:Gem::Requirement
135
177
  requirements:
136
178
  - - "~>"
137
179
  - !ruby/object:Gem::Version
138
- version: 0.16.1
180
+ version: '3.0'
181
+ - !ruby/object:Gem::Dependency
182
+ name: webmock
183
+ requirement: !ruby/object:Gem::Requirement
184
+ requirements:
185
+ - - "~>"
186
+ - !ruby/object:Gem::Version
187
+ version: 3.5.0
188
+ type: :development
189
+ prerelease: false
190
+ version_requirements: !ruby/object:Gem::Requirement
191
+ requirements:
192
+ - - "~>"
193
+ - !ruby/object:Gem::Version
194
+ version: 3.5.0
139
195
  description: |-
140
196
  A fluentd output plugin created by Splunk
141
197
  that writes events to splunk indexers over HTTP Event Collector API.
@@ -153,15 +209,18 @@ files:
153
209
  - Rakefile
154
210
  - VERSION
155
211
  - fluent-plugin-splunk-hec.gemspec
212
+ - lib/fluent/plugin/out_splunk.rb
213
+ - lib/fluent/plugin/out_splunk/match_formatter.rb
214
+ - lib/fluent/plugin/out_splunk/version.rb
156
215
  - lib/fluent/plugin/out_splunk_hec.rb
157
- - lib/fluent/plugin/out_splunk_hec/match_formatter.rb
158
216
  - lib/fluent/plugin/out_splunk_hec/version.rb
217
+ - lib/fluent/plugin/out_splunk_ingest_api.rb
159
218
  - test/fluent/plugin/out_splunk_hec_test.rb
219
+ - test/fluent/plugin/out_splunk_ingest_api_test.rb
160
220
  - test/lib/webmock/http_lib_adapters/curb_adapter.rb
161
221
  - test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
162
222
  - test/lib/webmock/http_lib_adapters/excon_adapter.rb
163
223
  - test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
164
- - test/lib/webmock/http_lib_adapters/httpclient_adapter.rb
165
224
  - test/lib/webmock/http_lib_adapters/manticore_adapter.rb
166
225
  - test/lib/webmock/http_lib_adapters/patron_adapter.rb
167
226
  - test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
@@ -185,18 +244,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
185
244
  - !ruby/object:Gem::Version
186
245
  version: '0'
187
246
  requirements: []
188
- rubygems_version: 3.0.1
247
+ rubygems_version: 3.0.6
189
248
  signing_key:
190
249
  specification_version: 4
191
250
  summary: Fluentd plugin for Splunk HEC.
192
251
  test_files:
193
- - test/fluent/plugin/out_splunk_hec_test.rb
194
- - test/lib/webmock/http_lib_adapters/patron_adapter.rb
195
- - test/lib/webmock/http_lib_adapters/manticore_adapter.rb
196
252
  - test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
197
253
  - test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
254
+ - test/lib/webmock/http_lib_adapters/patron_adapter.rb
198
255
  - test/lib/webmock/http_lib_adapters/curb_adapter.rb
199
- - test/lib/webmock/http_lib_adapters/httpclient_adapter.rb
256
+ - test/lib/webmock/http_lib_adapters/manticore_adapter.rb
200
257
  - test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
201
258
  - test/lib/webmock/http_lib_adapters/excon_adapter.rb
259
+ - test/fluent/plugin/out_splunk_ingest_api_test.rb
260
+ - test/fluent/plugin/out_splunk_hec_test.rb
202
261
  - test/test_helper.rb