fluent-plugin-syslog-tls-long-timeout 0.6.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 64e52e87df39b54b06e4cddf294652a8a34eba36
-  data.tar.gz: ec3357cc8e72236d818a7b6408d55a71de9fe80f
+  metadata.gz: 5a1ddda33cd3b20fd4d0fd9b8afa1fa1a223bcf3
+  data.tar.gz: fed039db676f7d7ad542afb25be5715c1455be72
 SHA512:
-  metadata.gz: 5c46aed8f189147a19aa35769461151301b2d8b4433d3c663cd71b991da7989d75bc64fcc282ebc2416ef63fa331fbec15570e1350c4d6addb8176b461a8cbff
-  data.tar.gz: 5b50c8b8c7d91e38339560ec7a463cc21bdda896a3fd25d5509d7aff70df1bbb7e0da07c618e7bef1aef617878d511e779723d9b22e0a3e8ccb3662aff661e93
+  metadata.gz: ade57f3044da97a10e90cb9084a4e778cc5e363291b5987701ba2f96ec026779b271da607d6ce00dd77181c5a005feeb073239c63ac810e4e547fb6cd5d0522c
+  data.tar.gz: 7e3480a90714b3070ebbaa9c387e9e3e61175660070e7a53daa679bcbd9d5c6251228180a884f6ddb0f62e13f1e7c6ba453ca965d6ae950db5a638cfc5a58fca

data/CHANGELOG.md

@@ -1,17 +1,41 @@
-Note: v0.5+ is compatible with Fluent 0.12. Use v1.0+ with Fluent 0.14.
+#### 2.0.0
 
-#### 0.6.0
-* Backport `ca_cert` from master to fluent-0.12 branch
-  - Added `ca_cert` to validate the remote certificate. Defaults to 'system' which uses the system certificate store.
+* Require Ruby 2.4
+* Support SNI and enable cert name verification by default. **This changes the default behavior** and may cause issues if the remote server's cert does not match the configured hostname.
+* Add `verify_cert_name` to enable (default) or disable cert name verification.
+  Note: `ca_cert` verifies the certificate signing chain. `verify_cert_name` verifies the CN/SAN name on the cert.
 
 
-#### 0.5.0
+#### 1.2.1
+
+* Support Fluentd 1.0 (same API as 0.14).
+
+
+#### 1.2.0
+
+* Improve compliance with Fluentd 0.14 API.
+* Eliminate excess Message#header object creation.
+
+
+#### 1.1.0
 
-Comparable to 1.0.0 from [master (Fluent 0.14) branch](https://github.com/zarqman/fluent-plugin-syslog-tls).
+* Renamed `cert` and `key` to `client_cert` and `client_key` respectively.
+* Change to short timeouts on network calls so logging doesn't go dead for extended periods.
+* Added `idle_timeout` to force upstream reconnection after a period of time with no traffic for a particular tag. Useful for low-traffic senders. Not recommended for high-traffic.
+* Added `ca_cert` to validate the remote certificate. Defaults to 'system' which uses the system certificate store.
+
+
+#### 1.0.0
 
 * Standard fluent formatting plugins are supported. Json output remains the default.
 * `token` (Structured Data in syslog terms) is now optional, for syslog hosts that don't require it.
 * Message payload in the syslog packet no longer duplicates Time or includes Tag by default.
+* Requires Fluent 0.14.
+
+
+#### 0.5.0
+
+Comparable to v1.0.0, but compatible with Fluent 0.12.
 
 
 #### < 0.2.0

data/Gemfile.lock

@@ -1,72 +1,71 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-syslog-tls (0.6.0)
-      fluent-mixin-config-placeholders (~> 0.3)
-      fluentd (~> 0.12.0)
+    fluent-plugin-syslog-tls (2.0.0)
+      fluentd (>= 0.14.0, < 2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.1)
-      public_suffix (~> 2.0, >= 2.0.2)
-    cool.io (1.5.0)
-    coveralls (0.8.21)
+    addressable (2.6.0)
+      public_suffix (>= 2.0.2, < 4.0)
+    cool.io (1.5.4)
+    coveralls (0.8.23)
       json (>= 1.8, < 3)
-      simplecov (~> 0.14.1)
+      simplecov (~> 0.16.1)
       term-ansicolor (~> 1.3)
-      thor (~> 0.19.4)
+      thor (>= 0.19.4, < 2.0)
       tins (~> 1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    docile (1.1.5)
-    fluent-mixin-config-placeholders (0.4.0)
-      fluentd
-      uuidtools (>= 2.1.5)
-    fluentd (0.12.39)
-      cool.io (>= 1.2.2, < 2.0.0)
+    dig_rb (1.0.1)
+    docile (1.3.1)
+    fluentd (1.5.0)
+      cool.io (>= 1.4.5, < 2.0.0)
+      dig_rb (~> 1.0.0)
       http_parser.rb (>= 0.5.1, < 0.7.0)
-      json (>= 1.4.3)
-      msgpack (>= 0.5.11, < 2)
+      msgpack (>= 0.7.0, < 2.0.0)
+      serverengine (>= 2.0.4, < 3.0.0)
       sigdump (~> 0.2.2)
-      string-scrub (>= 0.0.3, <= 0.0.5)
-      tzinfo (>= 1.0.0)
-      tzinfo-data (>= 1.0.0)
+      strptime (>= 0.2.2, < 1.0.0)
+      tzinfo (~> 1.0)
+      tzinfo-data (~> 1.0)
       yajl-ruby (~> 1.0)
-    hashdiff (0.3.5)
+    hashdiff (0.4.0)
     http_parser.rb (0.6.0)
-    json (2.1.0)
-    minitest (5.10.3)
-    minitest-stub_any_instance (1.0.1)
-    msgpack (1.1.0)
-    power_assert (1.0.2)
-    public_suffix (2.0.5)
-    rake (10.5.0)
-    safe_yaml (1.0.4)
+    json (2.2.0)
+    minitest (5.11.3)
+    minitest-stub_any_instance (1.0.2)
+    msgpack (1.2.10)
+    power_assert (1.1.4)
+    public_suffix (3.1.0)
+    rake (12.3.2)
+    safe_yaml (1.0.5)
+    serverengine (2.1.1)
+      sigdump (~> 0.2.2)
     sigdump (0.2.4)
-    simplecov (0.14.1)
-      docile (~> 1.1.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.1)
-    string-scrub (0.0.5)
-    term-ansicolor (1.6.0)
+    simplecov-html (0.10.2)
+    strptime (0.2.3)
+    term-ansicolor (1.7.1)
       tins (~> 1.0)
-    test-unit (3.2.5)
+    test-unit (3.3.3)
       power_assert
-    thor (0.19.4)
+    thor (0.20.3)
     thread_safe (0.3.6)
-    tins (1.15.0)
-    tzinfo (1.2.3)
+    tins (1.20.3)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2017.2)
+    tzinfo-data (1.2019.1)
       tzinfo (>= 1.0.0)
-    uuidtools (2.1.5)
-    webmock (2.3.2)
+    webmock (3.5.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
-    yajl-ruby (1.3.0)
+    yajl-ruby (1.4.1)
 
 PLATFORMS
   ruby
@@ -76,10 +75,10 @@ DEPENDENCIES
   fluent-plugin-syslog-tls!
   minitest (~> 5.8)
   minitest-stub_any_instance (~> 1.0.0)
-  rake (~> 10.5)
+  rake
   simplecov (~> 0.11)
   test-unit (~> 3.1)
-  webmock (~> 2.0)
+  webmock (~> 3.0)
 
 BUNDLED WITH
-   1.14.6
+   1.17.3

data/README.md

@@ -10,14 +10,14 @@ Tested with [Papertrail](https://papertrailapp.com) and should also work with [S
 ## Installation
 
 ```sh
-$ gem install fluent-plugin-syslog-tls -v '~> 0.6'
+$ gem install fluent-plugin-syslog-tls
 ```
 or
 ```sh
-$ td-agent-gem install fluent-plugin-syslog-tls -v '~> 0.6'
+$ td-agent-gem install fluent-plugin-syslog-tls
 ```
 
-_Hint: Use v0.5+ for Fluentd 0.12 and v1.0+ for Fluentd 0.14. (See Version Compatibility below.)_
+Note: `fluent-plugin-syslog-tls` is compatible with Fluent 1.0 (and 0.14). For Fluent 0.12, see the `fluent-0.12` branch.
 
 
 ## Configuration
@@ -48,17 +48,9 @@ Papertrail:
 For more configuration options see [configuration docs](docs/configuration.md)
 
 
-## Version Compatibility
-
-* v0.x.x of this plugin is compatible with the Fluentd 0.12 series.
-* v1.x.x of this plugin is compatible with the Fluentd 0.14 series.
-
-Note that the v1.x series has more features and is more robust than the v0.x series.
-
-
 ## Origin/History
 
-This plugin is derived from [Fluent::Plugin::SumologicCloudSyslog](https://github.com/acquia/fluent-plugin-sumologic-cloud-syslog). Changes for the v0.x+ series are in this branch's [Changelog](CHANGELOG.md).
+This plugin is derived from [Fluent::Plugin::SumologicCloudSyslog](https://github.com/acquia/fluent-plugin-sumologic-cloud-syslog). Changes are in the [Changelog](CHANGELOG.md).
 
 
 ## License

data/docs/configuration.md

@@ -15,23 +15,31 @@ Host represents DNS name of endpoint where should be data sent. Example: `syslog
 
 Example: `6514`
 
+### idle_timeout
+
+If a given tag has gone this many seconds between log messages, disconnect and reconnect before sending logs. Useful in low-traffic logging situations with remote hosts that disconnect after a period of time. Disabled by default. Example: `600`
+
 ### ca_cert
 
-Whether and how to verify the server's TLS certificate. Examples:
+Whether and how to verify the server's TLS certificate signing chain. Examples:
 * ca_cert system - Default; use the system CA certificate store (which must then be configured correctly)
 * ca_cert false - Disable verification; not recommended
 * ca_cert /path/to/file - A path+filename to a single CA file
 * ca_cert /path/to/dir/ - A directory of CA files (in format that OpenSSL can parse); must end with /
 
+### verify_cert_name
+
+Whether to verify that the server's cert matches `host`. Enabled by default (except when `ca_cert false`). Recommended; helps prevent MitM attacks. Example: `true`
+
 ### token
 
 Some services require a token to identify the account. Example: `ABABABABABABA@99999`. Not required for Papertrail.
 
-### cert
+### client_cert
 
 Optionally path to client certificate for TLS connection. Example: `/path/to/crt/file.crt`
 
-### key
+### client_key
 
 Optionally path to client private key for TLS connection. Example: `/path/to/key/file.key`
 
@@ -80,6 +88,7 @@ Optionally record key where to get msgid from the record. If not provided nil va
   @type syslog_tls
   host logs1.papertrailapp.com
   port 12345
+  idle_timeout 720
 
   hostname static-hostname
   facility SYSLOG
@@ -95,7 +104,7 @@ Optionally record key where to get msgid from the record. If not provided nil va
   msgid_key ...
 
   # Fluent's standard formatting options are supported. Default is 'json'.
-  # Example: For Docker logs sent to Papertrail, sending only the log text:
+  # Example: For Docker logs sent to Papertrail, send only the log text:
   format single_value
   message_key log
 </match>
@@ -107,8 +116,9 @@ Optionally record key where to get msgid from the record. If not provided nil va
   host syslog.collection.us1.sumologic.com
   port 6514
   token [token]@[iana-id]
-  cert /path/to/cert/file.crt
-  key /path/to/key/file.key
+  client_cert /path/to/cert/file.crt
+  client_key /path/to/key/file.key
+  verify_cert_name true
 
   hostname static-hostname
   facility SYSLOG

data/fluent-plugin-syslog-tls.gemspec

@@ -1,5 +1,5 @@
 # Copyright 2016 Acquia, Inc.
-# Copyright 2016 t.e.morgan.
+# Copyright 2016-2019 t.e.morgan.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ require 'syslog_tls/version'
 Gem::Specification.new do |s|
   s.name          = 'fluent-plugin-syslog-tls-long-timeout'
   s.version       = SyslogTls::VERSION
-  s.authors       = ['thomas morgan']
-  s.email         = ['tm@iprog.com']
+  s.authors       = ['thomas morgan', 'lukasz stanik']
+  s.email         = ['tm@iprog.com', 'stanik.lukasz@outlook.com']
   s.summary       = %q{Fluent Syslog TLS output plugin}
   s.description   = %q{Syslog TLS output plugin with formatting support, for Fluentd}
   s.homepage      = 'https://github.com/zarqman/fluent-plugin-syslog-tls'
@@ -30,15 +30,14 @@ Gem::Specification.new do |s|
   s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^(test|spec|features)/})
   s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.0.0'
+  s.required_ruby_version = '>= 2.4'
 
-  s.add_runtime_dependency 'fluentd', '~> 0.12.0'
-  s.add_runtime_dependency 'fluent-mixin-config-placeholders', '~> 0.3'
+  s.add_runtime_dependency 'fluentd', [">= 0.14.0", "< 2"]
 
   s.add_development_dependency 'minitest', '~> 5.8'
   s.add_development_dependency 'minitest-stub_any_instance', '~> 1.0.0'
-  s.add_development_dependency 'rake', '~> 10.5'
+  s.add_development_dependency 'rake'
   s.add_development_dependency 'test-unit', '~> 3.1'
-  s.add_development_dependency 'webmock', '~> 2.0'
+  s.add_development_dependency 'webmock', '~> 3.0'
   s.add_development_dependency 'simplecov', '~> 0.11'
 end

data/lib/fluent/plugin/out_syslog_tls.rb

@@ -1,5 +1,5 @@
 # Copyright 2016 Acquia, Inc.
-# Copyright 2016 t.e.morgan.
+# Copyright 2016-2019 t.e.morgan.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,26 +13,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'fluent/mixin/config_placeholders'
 require 'socket'
+require 'syslog_tls/logger'
+require 'fluent/plugin/output'
 
-module Fluent
-  class SyslogTlsOutput < Fluent::Output
+module Fluent::Plugin
+  class SyslogTlsOutput < Output
     Fluent::Plugin.register_output('syslog_tls', self)
 
-    include Fluent::Mixin::ConfigPlaceholders
-    include Fluent::HandleTagNameMixin
+    helpers :inject, :formatter, :compat_parameters
 
     DEFAULT_FORMAT_TYPE = 'json'
 
     config_param :host, :string
     config_param :port, :integer
+    config_param :idle_timeout, :integer, default: nil
     config_param :ca_cert, :string, default: 'system'
-    config_param :token, :string, :default => nil
-    config_param :cert, :string, :default => nil
-    config_param :key, :string, :default => nil
-    config_param :hostname, :string, :default => nil
-    config_param :facility, :string, :default => 'LOCAL0'
+    config_param :verify_cert_name, :bool, default: true
+    config_param :token, :string, default: nil
+    config_param :client_cert, :string, default: nil
+    config_param :client_key, :string, default: nil
+    config_param :hostname, :string, default: nil
+    config_param :facility, :string, default: 'LOCAL0'
 
     # Allow to map keys from record to syslog message headers
     SYSLOG_HEADERS = [
@@ -40,25 +42,33 @@ module Fluent
     ]
 
     SYSLOG_HEADERS.each do |key_name|
-      config_param "#{key_name}_key".to_sym, :string, :default => nil
+      config_param "#{key_name}_key".to_sym, :string, default: nil
     end
 
-    config_param :format, :string, default: DEFAULT_FORMAT_TYPE
+    config_section :format do
+      config_set_default :@type, DEFAULT_FORMAT_TYPE
+    end
+
+    attr_accessor :formatter
 
 
     def initialize
       super
-      require 'syslog_tls/logger'
       @loggers = {}
     end
 
     def shutdown
-      super
       @loggers.values.each(&:close)
+      super
     end
 
     # This method is called before starting.
     def configure(conf)
+      if conf['output_type'] && !conf['format']
+        conf['format'] = conf['output_type']
+      end
+      compat_parameters_convert(conf, :inject, :formatter)
+
       super
       @host = conf['host']
       @port = conf['port']
@@ -72,8 +82,7 @@ module Fluent
         @mappings[key_name] = conf[conf_key] if conf.key?(conf_key)
       end
 
-      @formatter = Plugin.new_formatter(@format)
-      @formatter.configure(conf)
+      @formatter = formatter_create(conf: conf.elements('format').first, default_type: DEFAULT_FORMAT_TYPE)
     end
 
     # Get logger for given tag
@@ -90,7 +99,14 @@ module Fluent
     end
 
     def new_logger(tag)
-      transport = ::SyslogTls::SSLTransport.new(host, port, ca_cert: ca_cert, cert: cert, key: key, max_retries: 50)
+      transport = ::SyslogTls::SSLTransport.new(host, port,
+        idle_timeout: idle_timeout,
+        ca_cert: ca_cert,
+        client_cert: client_cert,
+        client_key: client_key,
+        verify_cert_name: verify_cert_name,
+        max_retries: 30,
+      )
       logger = ::SyslogTls::Logger.new(transport, token)
       logger.facility(facility)
       logger.hostname(hostname)
@@ -99,11 +115,11 @@ module Fluent
     end
 
     def format(tag, time, record)
+      record = inject_values_to_record(tag, time, record)
       @formatter.format(tag, time, record)
     end
 
-    def emit(tag, es, chain)
-      chain.next
+    def process(tag, es)
       es.each do |time, record|
         record.each_pair do |_, v|
           v.force_encoding('utf-8') if v.is_a?(String)

data/lib/syslog_tls/protocol.rb

@@ -25,7 +25,8 @@ module SyslogTls
 
   # All headers by specification wrapped in single object
   class Header
-    attr_accessor :facility, :severity, :version, :timestamp, :hostname, :app_name, :procid, :msgid
+    attr_accessor :version, :hostname, :app_name, :procid, :msgid
+    attr_reader :facility, :severity, :timestamp
 
     FACILITIES = {}
     SEVERITIES = {}
@@ -110,12 +111,16 @@ module SyslogTls
 
   # Message represents full message that can be sent to syslog
   class Message
-    attr_accessor :header, :structured_data, :msg
+    attr_accessor :structured_data, :msg
+    attr_writer :header
 
     def initialize
       @msg = ''
       @structured_data = []
-      @header = Header.new
+    end
+
+    def header
+      @header ||= Header.new
     end
 
     def assemble

data/lib/syslog_tls/ssl_transport.rb

@@ -1,4 +1,5 @@
 # Copyright 2016 Acquia, Inc.
+# Copyright 2016-2019 t.e.morgan.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,18 +19,24 @@ require 'openssl'
 module SyslogTls
   # Supports SSL connection to remote host
   class SSLTransport
+    CONNECT_TIMEOUT = 10000
+    # READ_TIMEOUT    = 5
+    WRITE_TIMEOUT   = 10000
+
     attr_accessor :socket
 
-    attr_reader :host, :port, :ca_cert, :cert, :key, :ssl_version
+    attr_reader :host, :port, :idle_timeout, :ca_cert, :client_cert, :client_key, :verify_cert_name, :ssl_version
 
     attr_writer :retries
 
-    def initialize(host, port, ca_cert: 'system', cert: nil, key: nil, ssl_version: :TLSv1_2, max_retries: 1)
-      @ca_cert = ca_cert
+    def initialize(host, port, idle_timeout: nil, ca_cert: 'system', client_cert: nil, client_key: nil, verify_cert_name: true, ssl_version: :TLSv1_2, max_retries: 1)
       @host = host
       @port = port
-      @cert = cert
-      @key = key
+      @idle_timeout = idle_timeout
+      @ca_cert = ca_cert
+      @client_cert = client_cert
+      @client_key = client_key
+      @verify_cert_name = verify_cert_name
       @ssl_version = ssl_version
       @retries = max_retries
       connect
@@ -37,22 +44,69 @@ module SyslogTls
 
     def connect
       @socket = get_ssl_connection
-      @socket.connect
+      begin
+        begin
+          @socket.connect_nonblock
+        rescue Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitReadable
+          select_with_timeout(@socket, :connect_read) && retry
+        rescue IO::WaitWritable
+          select_with_timeout(@socket, :connect_write) && retry
+        end
+      rescue Errno::ETIMEDOUT
+        raise 'Socket timeout during connect'
+      end
+      @last_write = Time.now if idle_timeout
+    end
+
+    def get_tcp_connection
+      tcp = nil
+
+      family = Socket::Constants::AF_UNSPEC
+      sock_type = Socket::Constants::SOCK_STREAM
+      addr_info = Socket.getaddrinfo(host, port, family, sock_type, nil, nil, false).first
+      _, port, _, address, family, sock_type = addr_info
+
+      begin
+        sock_addr = Socket.sockaddr_in(port, address)
+        tcp = Socket.new(family, sock_type, 0)
+        tcp.setsockopt(Socket::SOL_SOCKET, Socket::Constants::SO_REUSEADDR, true)
+        tcp.setsockopt(Socket::SOL_SOCKET, Socket::Constants::SO_REUSEPORT, true)
+        tcp.connect_nonblock(sock_addr)
+      rescue Errno::EINPROGRESS
+        select_with_timeout(tcp, :connect_write)
+        begin
+          tcp.connect_nonblock(sock_addr)
+        rescue Errno::EISCONN
+          # all good
+        rescue SystemCallError
+          tcp.close rescue nil
+          raise
+        end
+      rescue SystemCallError
+        tcp.close rescue nil
+        raise
+      end
+
+      tcp.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, true)
+      tcp
     end
 
     def get_ssl_connection
-      tcp = TCPSocket.new(host, port)
+      tcp = get_tcp_connection
 
       ctx = OpenSSL::SSL::SSLContext.new
-      ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
       ctx.ssl_version = ssl_version
 
+      ctx.verify_hostname = verify_cert_name != false
+
       case ca_cert
       when true, 'true', 'system'
         # use system certs, same as openssl cli
         ctx.cert_store = OpenSSL::X509::Store.new
         ctx.cert_store.set_default_paths
       when false, 'false'
+        ctx.verify_hostname = false
         ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
       when %r{/$} # ends in /
         ctx.ca_path = ca_cert
@@ -60,20 +114,30 @@ module SyslogTls
         ctx.ca_file = ca_cert
       end
 
-      ctx.cert = OpenSSL::X509::Certificate.new(File.read(cert)) if cert
-      ctx.key = OpenSSL::PKey::read(File.read(key)) if key
+      ctx.cert = OpenSSL::X509::Certificate.new(File.read(client_cert)) if client_cert
+      ctx.key = OpenSSL::PKey::read(File.read(client_key)) if client_key
       socket = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
+      socket.hostname = host
       socket.sync_close = true
       socket
     end
 
     # Allow to retry on failed writes
     def write(s)
+      if idle_timeout
+        if (t=Time.now) > @last_write + idle_timeout
+          @socket.close rescue nil
+          connect
+        else
+          @last_write = t
+        end
+      end
       begin
         retry_id ||= 0
-        @socket.send(:write, s)
+        do_write(s)
       rescue => e
         if (retry_id += 1) < @retries
+          @socket.close rescue nil
           connect
           retry
         else
@@ -82,6 +146,41 @@ module SyslogTls
       end
     end
 
+    def do_write(data)
+      data.force_encoding('BINARY') # so we can break in the middle of multi-byte characters
+      loop do
+        sent = 0
+        begin
+          sent = @socket.write_nonblock(data)
+        rescue OpenSSL::SSL::SSLError, Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitWritable => e
+          if e.is_a?(OpenSSL::SSL::SSLError) && e.message !~ /write would block/
+            raise e
+          else
+            select_with_timeout(@socket, :write) && retry
+          end
+        end
+
+        break if sent >= data.size
+        data = data[sent, data.size]
+      end
+    end
+
+    def select_with_timeout(tcp, type)
+      case type
+      when :connect_read
+        args = [[tcp], nil, nil, CONNECT_TIMEOUT]
+      when :connect_write
+        args = [nil, [tcp], nil, CONNECT_TIMEOUT]
+      # when :read
+      #   args = [[tcp], nil, nil, READ_TIMEOUT]
+      when :write
+        args = [nil, [tcp], nil, WRITE_TIMEOUT]
+      else
+        raise "Unknown select type #{type}"
+      end
+      IO.select(*args) || raise("Socket timeout during #{type}")
+    end
+
     # Forward any methods directly to SSLSocket
     def method_missing(method_sym, *arguments, &block)
       @socket.send(method_sym, *arguments, &block)

data/lib/syslog_tls/version.rb

@@ -1,5 +1,5 @@
 # Copyright 2016 Acquia, Inc.
-# Copyright 2016 t.e.morgan.
+# Copyright 2016-2019 t.e.morgan.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,5 +14,5 @@
 # limitations under the License.
 
 module SyslogTls
-  VERSION = '0.6.0'
+  VERSION = '2.0.0'
 end

data/test/fluent/test_out_syslog_tls.rb

@@ -1,5 +1,5 @@
 # Copyright 2016 Acquia, Inc.
-# Copyright 2016 t.e.morgan.
+# Copyright 2016-2019 t.e.morgan.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ require 'ssl'
 require 'date'
 require 'minitest/mock'
 require 'fluent/plugin/out_syslog_tls'
+require 'fluent/test/driver/output'
 
 class SyslogTlsOutputTest < Test::Unit::TestCase
   include SSLTestHelper
@@ -27,8 +28,8 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     @driver = nil
   end
 
-  def driver(tag='test', conf='')
-    @driver ||= Fluent::Test::OutputTestDriver.new(Fluent::SyslogTlsOutput, tag).configure(conf)
+  def driver(conf='')
+    @driver ||= Fluent::Test::Driver::Output.new(Fluent::Plugin::SyslogTlsOutput).configure(conf)
   end
 
   def sample_record
@@ -45,23 +46,25 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
   def mock_logger(token='TOKEN')
     io = StringIO.new
     io.set_encoding('utf-8')
-    logger = ::SyslogTls::Logger.new(io, token)
+    ::SyslogTls::Logger.new(io, token)
   end
 
   def test_configure
     config = %{
       host   syslog.collection.us1.sumologic.com
       port   6514
-      cert
-      key
+      client_cert
+      client_key
+      verify_cert_name true
       token  1234567890
     }
-    instance = driver('test', config).instance
+    instance = driver(config).instance
 
     assert_equal 'syslog.collection.us1.sumologic.com', instance.host
     assert_equal '6514', instance.port
-    assert_equal '', instance.cert
-    assert_equal '', instance.key
+    assert_equal '', instance.client_cert
+    assert_equal '', instance.client_key
+    assert_equal true, instance.verify_cert_name
     assert_equal '1234567890', instance.token
   end
 
@@ -69,19 +72,17 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     config = %{
       host   syslog.collection.us1.sumologic.com
       port   6514
-      cert
-      key
+      client_cert
+      client_key
     }
-    instance = driver('test', config).instance
+    instance = driver(config).instance
 
     time = Time.now
     record = sample_record
     logger = mock_logger(instance.token)
 
     instance.stub(:new_logger, logger) do
-      chain = Minitest::Mock.new
-      chain.expect(:next, nil)
-      instance.emit('test', {time.to_i => record}, chain)
+      instance.process('test', {time.to_i => record})
     end
 
     assert_equal "<134>1 #{time.to_datetime.rfc3339} - - - - - #{record.to_json.to_s}\n\n", logger.transport.string
@@ -91,24 +92,22 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     config = %{
       host   syslog.collection.us1.sumologic.com
       port   6514
-      cert
-      key
+      client_cert
+      client_key
       token  1234567890
       hostname_key hostname
       procid_key procid
       app_name_key app_name
       msgid_key msgid
     }
-    instance = driver('test', config).instance
+    instance = driver(config).instance
 
     time = Time.now
     record = sample_record
     logger = mock_logger
 
     instance.stub(:new_logger, logger) do
-      chain = Minitest::Mock.new
-      chain.expect(:next, nil)
-      instance.emit('test', {time.to_i => record}, chain)
+      instance.process('test', {time.to_i => record})
     end
 
     assert_true logger.transport.string.start_with?("<134>1 #{time.to_datetime.rfc3339} host app #{$$} 1000 [TOKEN]")
@@ -118,21 +117,19 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     config = %{
       host   syslog.collection.us1.sumologic.com
       port   6514
-      cert
-      key
+      client_cert
+      client_key
       token  1234567890
       severity_key severity
     }
-    instance = driver('test', config).instance
+    instance = driver(config).instance
 
     time = Time.now
     record = sample_record
     logger = mock_logger
 
     instance.stub(:new_logger, logger) do
-      chain = Minitest::Mock.new
-      chain.expect(:next, nil)
-      instance.emit('test', {time.to_i => record}, chain)
+      instance.process('test', {time.to_i => record})
     end
 
     assert_true logger.transport.string.start_with?("<128>1")
@@ -142,22 +139,20 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     config = %{
       host   syslog.collection.us1.sumologic.com
       port   6514
-      cert
-      key
+      client_cert
+      client_key
       token  1234567890
       format out_file
-      utc    true
+      localtime false
     }
-    instance = driver('test', config).instance
+    instance = driver(config).instance
 
     time = Time.now
     record = sample_record
     logger = mock_logger
 
     instance.stub(:new_logger, logger) do
-      chain = Minitest::Mock.new
-      chain.expect(:next, nil)
-      instance.emit('test', {time.to_i => record}, chain)
+      instance.process('test', {time.to_i => record})
     end
 
     formatted_time = time.dup.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -178,21 +173,18 @@ class SyslogTlsOutputTest < Test::Unit::TestCase
     config = %{
       host   localhost
       port   #{server.addr[1]}
-      cert
-      key
+      client_cert
+      client_key
       token  1234567890
       hostname_key hostname
       procid_key procid
       app_name_key app_name
       msgid_key msgid
     }
-    instance = driver('test', config).instance
-
-    chain = Minitest::Mock.new
-    chain.expect(:next, nil)
+    instance = driver(config).instance
 
     SyslogTls::SSLTransport.stub_any_instance(:get_ssl_connection, ssl_client) do
-      instance.emit('test', {time.to_i => record}, chain)
+      instance.process('test', {time.to_i => record})
     end
 
     st.join

data/test/helper.rb

@@ -19,12 +19,6 @@ SimpleCov.start
 
 Coveralls.wear! if ENV['TRAVIS']
 
-# Fluentd sets default encoding to ASCII-8BIT, but coverall can load git data which can contain UTF-8 characters
-at_exit do
-  Encoding.default_internal = 'UTF-8' if defined?(Encoding) && Encoding.respond_to?(:default_internal)
-  Encoding.default_external = 'UTF-8' if defined?(Encoding) && Encoding.respond_to?(:default_external)
-end
-
 require 'test/unit'
 require 'fluent/test'
 require 'minitest/pride'

data/test/syslog_tls/test_ssl_transport.rb

@@ -37,10 +37,10 @@ class SSLTransportTest < Test::Unit::TestCase
 
   def test_retry
     client = Object.new
-    def client.connect
+    def client.connect_nonblock
       true
     end
-    def client.write(s)
+    def client.write_nonblock(s)
       raise "Test"
     end
 

metadata

@@ -1,43 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-syslog-tls-long-timeout
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 2.0.0
 platform: ruby
 authors:
 - thomas morgan
+- lukasz stanik
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-09-11 00:00:00.000000000 Z
+date: 2019-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.12.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: 0.14.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.12.0
-- !ruby/object:Gem::Dependency
-  name: fluent-mixin-config-placeholders
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: 0.14.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -70,16 +63,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +93,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -125,6 +118,7 @@ dependencies:
 description: Syslog TLS output plugin with formatting support, for Fluentd
 email:
 - tm@iprog.com
+- stanik.lukasz@outlook.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -166,7 +160,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="