fluentd 1.9.0 → 1.9.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of fluentd might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/PULL_REQUEST_TEMPLATE.md +2 -1
- data/CHANGELOG.md +24 -0
- data/Gemfile +0 -2
- data/appveyor.yml +5 -14
- data/fluentd.gemspec +2 -1
- data/lib/fluent/config/section.rb +4 -0
- data/lib/fluent/plugin/in_monitor_agent.rb +1 -1
- data/lib/fluent/plugin/in_tail.rb +12 -139
- data/lib/fluent/plugin/in_tail/position_file.rb +171 -0
- data/lib/fluent/plugin/out_forward.rb +3 -2
- data/lib/fluent/plugin/out_http.rb +10 -4
- data/lib/fluent/plugin/output.rb +1 -1
- data/lib/fluent/plugin/parser_syslog.rb +5 -2
- data/lib/fluent/plugin_helper/cert_option.rb +5 -2
- data/lib/fluent/plugin_helper/http_server.rb +62 -2
- data/lib/fluent/plugin_helper/http_server/compat/server.rb +14 -3
- data/lib/fluent/plugin_helper/http_server/compat/ssl_context_extractor.rb +52 -0
- data/lib/fluent/plugin_helper/http_server/server.rb +14 -8
- data/lib/fluent/plugin_helper/http_server/ssl_context_builder.rb +41 -0
- data/lib/fluent/plugin_helper/server.rb +5 -10
- data/lib/fluent/plugin_helper/socket.rb +4 -8
- data/lib/fluent/tls.rb +81 -0
- data/lib/fluent/version.rb +1 -1
- data/test/config/test_section.rb +0 -2
- data/test/plugin/in_tail/test_position_file.rb +192 -0
- data/test/plugin/test_in_tail.rb +13 -0
- data/test/plugin/test_out_http.rb +15 -2
- data/test/plugin/test_output_as_buffered_backup.rb +2 -1
- data/test/plugin/test_parser_syslog.rb +36 -0
- data/test/plugin_helper/data/cert/generate_cert.rb +87 -0
- data/test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem +30 -0
- data/test/plugin_helper/data/cert/with_ca/ca-cert-key.pem +27 -0
- data/test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem +20 -0
- data/test/plugin_helper/data/cert/with_ca/ca-cert.pem +20 -0
- data/test/plugin_helper/data/cert/with_ca/cert-key-pass.pem +30 -0
- data/test/plugin_helper/data/cert/with_ca/cert-key.pem +27 -0
- data/test/plugin_helper/data/cert/with_ca/cert-pass.pem +21 -0
- data/test/plugin_helper/data/cert/with_ca/cert.pem +21 -0
- data/test/plugin_helper/data/cert/without_ca/cert-key-pass.pem +30 -0
- data/test/plugin_helper/data/cert/without_ca/cert-key.pem +27 -0
- data/test/plugin_helper/data/cert/without_ca/cert-pass.pem +20 -0
- data/test/plugin_helper/data/cert/without_ca/cert.pem +20 -0
- data/test/plugin_helper/test_http_server_helper.rb +168 -7
- data/test/plugin_helper/test_server.rb +40 -9
- data/test/test_tls.rb +65 -0
- metadata +52 -4
@@ -303,7 +303,9 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
303
303
|
|
304
304
|
data(
|
305
305
|
'server_create tcp' => [:server_create, :tcp, {}],
|
306
|
-
|
306
|
+
# Disable udp test because the behaviour of SO_REUSEXXX option is different betweeen BSD, Linux and others...
|
307
|
+
# Need to find good way for testing on local, CI service and others.
|
308
|
+
#'server_create udp' => [:server_create, :udp, {max_bytes: 128}],
|
307
309
|
'server_create tls' => [:server_create, :tls, {tls_options: {insecure: true}}],
|
308
310
|
# 'server_create unix' => [:server_create, :unix, {}],
|
309
311
|
'server_create_connection tcp' => [:server_create, :tcp, {}],
|
@@ -844,7 +846,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
844
846
|
File.chmod(0600, cert_path, private_key_path)
|
845
847
|
end
|
846
848
|
|
847
|
-
def open_tls_session(addr, port, verify: true, cert_path: nil, selfsigned: true, hostname: nil)
|
849
|
+
def open_tls_session(addr, port, version: Fluent::TLS::DEFAULT_VERSION, verify: true, cert_path: nil, selfsigned: true, hostname: nil)
|
848
850
|
context = OpenSSL::SSL::SSLContext.new
|
849
851
|
context.set_params({})
|
850
852
|
if verify
|
@@ -864,6 +866,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
864
866
|
else
|
865
867
|
context.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
866
868
|
end
|
869
|
+
Fluent::TLS.set_version_to_context(context, version, nil, nil)
|
867
870
|
|
868
871
|
sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(addr, port), context)
|
869
872
|
sock.hostname = hostname if hostname && sock.respond_to?(:hostname)
|
@@ -906,7 +909,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
906
909
|
# insecure
|
907
910
|
tls_options = {
|
908
911
|
protocol: :tls,
|
909
|
-
version: 'TLSv1_2',
|
912
|
+
version: :'TLSv1_2',
|
910
913
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
911
914
|
insecure: true,
|
912
915
|
generate_private_key_length: 2048,
|
@@ -950,7 +953,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
950
953
|
|
951
954
|
tls_options = {
|
952
955
|
protocol: :tls,
|
953
|
-
version: 'TLSv1_2',
|
956
|
+
version: :'TLSv1_2',
|
954
957
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
955
958
|
insecure: false,
|
956
959
|
cert_path: cert_path,
|
@@ -984,7 +987,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
984
987
|
|
985
988
|
tls_options = {
|
986
989
|
protocol: :tls,
|
987
|
-
version: 'TLSv1_2',
|
990
|
+
version: :'TLSv1_2',
|
988
991
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
989
992
|
insecure: false,
|
990
993
|
ca_cert_path: ca_cert_path,
|
@@ -1024,7 +1027,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1024
1027
|
|
1025
1028
|
tls_options = {
|
1026
1029
|
protocol: :tls,
|
1027
|
-
version: 'TLSv1_2',
|
1030
|
+
version: :'TLSv1_2',
|
1028
1031
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
1029
1032
|
insecure: false,
|
1030
1033
|
cert_path: cert_path,
|
@@ -1054,7 +1057,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1054
1057
|
|
1055
1058
|
tls_options = {
|
1056
1059
|
protocol: :tls,
|
1057
|
-
version: 'TLSv1_2',
|
1060
|
+
version: :'TLSv1_2',
|
1058
1061
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
1059
1062
|
insecure: false,
|
1060
1063
|
cert_path: cert_path,
|
@@ -1251,7 +1254,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1251
1254
|
|
1252
1255
|
@tls_options = {
|
1253
1256
|
protocol: :tls,
|
1254
|
-
version: 'TLSv1_2',
|
1257
|
+
version: :'TLSv1_2',
|
1255
1258
|
ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
|
1256
1259
|
insecure: false,
|
1257
1260
|
cert_path: @cert_path,
|
@@ -1452,6 +1455,35 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1452
1455
|
assert_equal ["yayfoo\n", "yayfoo\n", "yayfoo\n"], lines
|
1453
1456
|
assert_equal ["closed", "closed", "closed"], callback_results
|
1454
1457
|
end
|
1458
|
+
|
1459
|
+
sub_test_case 'TLS version connection check' do
|
1460
|
+
test "can't connect with different TLS version" do
|
1461
|
+
@d.server_create_tls(:s, PORT, tls_options: @tls_options) do |data, conn|
|
1462
|
+
end
|
1463
|
+
assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
|
1464
|
+
open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1_1') do |sock|
|
1465
|
+
end
|
1466
|
+
}
|
1467
|
+
end
|
1468
|
+
|
1469
|
+
test "can specify multiple TLS versions by min_version/max_version" do
|
1470
|
+
omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
|
1471
|
+
|
1472
|
+
opts = @tls_options.merge(min_version: :'TLS1_1', max_version: :'TLSv1_2')
|
1473
|
+
@d.server_create_tls(:s, PORT, tls_options: opts) do |data, conn|
|
1474
|
+
end
|
1475
|
+
assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
|
1476
|
+
open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1') do |sock|
|
1477
|
+
end
|
1478
|
+
}
|
1479
|
+
[:'TLS1_1', :'TLS1_2'].each { |ver|
|
1480
|
+
assert_nothing_raised {
|
1481
|
+
open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: ver) do |sock|
|
1482
|
+
end
|
1483
|
+
}
|
1484
|
+
}
|
1485
|
+
end
|
1486
|
+
end
|
1455
1487
|
end
|
1456
1488
|
|
1457
1489
|
sub_test_case '#server_create_unix' do
|
@@ -1736,5 +1768,4 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1736
1768
|
# pend "not implemented yet"
|
1737
1769
|
end
|
1738
1770
|
end
|
1739
|
-
|
1740
1771
|
end
|
data/test/test_tls.rb
ADDED
@@ -0,0 +1,65 @@
|
|
1
|
+
require_relative 'helper'
|
2
|
+
require 'fluent/tls'
|
3
|
+
|
4
|
+
class UniqueIdTest < Test::Unit::TestCase
|
5
|
+
TEST_TLS1_1_CASES = {
|
6
|
+
'New TLS v1.1' => :'TLS1_1',
|
7
|
+
'Old TLS v1.1' => :'TLSv1_1',
|
8
|
+
}
|
9
|
+
TEST_TLS1_2_CASES = {
|
10
|
+
'New TLS v1.2' => :'TLS1_2',
|
11
|
+
'Old TLS v1.2' => :'TLSv1_2'
|
12
|
+
}
|
13
|
+
TEST_TLS_CASES = TEST_TLS1_1_CASES.merge(TEST_TLS1_2_CASES)
|
14
|
+
|
15
|
+
sub_test_case 'constants' do
|
16
|
+
test 'default version' do
|
17
|
+
assert_equal :'TLSv1_2', Fluent::TLS::DEFAULT_VERSION
|
18
|
+
end
|
19
|
+
|
20
|
+
data(TEST_TLS_CASES)
|
21
|
+
test 'supported versions' do |ver|
|
22
|
+
assert_include Fluent::TLS::SUPPORTED_VERSIONS, ver
|
23
|
+
end
|
24
|
+
|
25
|
+
test 'default ciphers' do
|
26
|
+
assert_equal "ALL:!aNULL:!eNULL:!SSLv2", Fluent::TLS::CIPHERS_DEFAULT
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
sub_test_case 'set_version_to_context' do
|
31
|
+
setup do
|
32
|
+
@ctx = OpenSSL::SSL::SSLContext.new
|
33
|
+
end
|
34
|
+
|
35
|
+
# TODO: After openssl module supports min_version/max_version accessor, add assert for it.
|
36
|
+
|
37
|
+
data(TEST_TLS_CASES)
|
38
|
+
test 'with version' do |ver|
|
39
|
+
assert_nothing_raised {
|
40
|
+
Fluent::TLS.set_version_to_context(@ctx, ver, nil, nil)
|
41
|
+
}
|
42
|
+
end
|
43
|
+
|
44
|
+
data(TEST_TLS_CASES)
|
45
|
+
test 'can specify old/new syntax to min_version/max_version' do |ver|
|
46
|
+
omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
|
47
|
+
|
48
|
+
assert_nothing_raised {
|
49
|
+
Fluent::TLS.set_version_to_context(@ctx, Fluent::TLS::DEFAULT_VERSION, ver, ver)
|
50
|
+
}
|
51
|
+
end
|
52
|
+
|
53
|
+
test 'raise ConfigError when either one of min_version/max_version is not specified' do
|
54
|
+
omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
|
55
|
+
|
56
|
+
ver = Fluent::TLS::DEFAULT_VERSION
|
57
|
+
assert_raise(Fluent::ConfigError) {
|
58
|
+
Fluent::TLS.set_version_to_context(@ctx, ver, ver, nil)
|
59
|
+
}
|
60
|
+
assert_raise(Fluent::ConfigError) {
|
61
|
+
Fluent::TLS.set_version_to_context(@ctx, ver, nil, ver)
|
62
|
+
}
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluentd
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.9.
|
4
|
+
version: 1.9.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sadayuki Furuhashi
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-01-
|
11
|
+
date: 2020-01-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: msgpack
|
@@ -310,7 +310,7 @@ dependencies:
|
|
310
310
|
requirements:
|
311
311
|
- - ">="
|
312
312
|
- !ruby/object:Gem::Version
|
313
|
-
version: 0.1.
|
313
|
+
version: 0.1.2
|
314
314
|
- - "<"
|
315
315
|
- !ruby/object:Gem::Version
|
316
316
|
version: '0.2'
|
@@ -320,10 +320,24 @@ dependencies:
|
|
320
320
|
requirements:
|
321
321
|
- - ">="
|
322
322
|
- !ruby/object:Gem::Version
|
323
|
-
version: 0.1.
|
323
|
+
version: 0.1.2
|
324
324
|
- - "<"
|
325
325
|
- !ruby/object:Gem::Version
|
326
326
|
version: '0.2'
|
327
|
+
- !ruby/object:Gem::Dependency
|
328
|
+
name: async-http
|
329
|
+
requirement: !ruby/object:Gem::Requirement
|
330
|
+
requirements:
|
331
|
+
- - ">="
|
332
|
+
- !ruby/object:Gem::Version
|
333
|
+
version: '0'
|
334
|
+
type: :development
|
335
|
+
prerelease: false
|
336
|
+
version_requirements: !ruby/object:Gem::Requirement
|
337
|
+
requirements:
|
338
|
+
- - ">="
|
339
|
+
- !ruby/object:Gem::Version
|
340
|
+
version: '0'
|
327
341
|
description: Fluentd is an open source data collector designed to scale and simplify
|
328
342
|
log management. It can collect, process and ship many kinds of data in near real-time.
|
329
343
|
email:
|
@@ -520,6 +534,7 @@ files:
|
|
520
534
|
- lib/fluent/plugin/in_object_space.rb
|
521
535
|
- lib/fluent/plugin/in_syslog.rb
|
522
536
|
- lib/fluent/plugin/in_tail.rb
|
537
|
+
- lib/fluent/plugin/in_tail/position_file.rb
|
523
538
|
- lib/fluent/plugin/in_tcp.rb
|
524
539
|
- lib/fluent/plugin/in_udp.rb
|
525
540
|
- lib/fluent/plugin/in_unix.rb
|
@@ -579,11 +594,13 @@ files:
|
|
579
594
|
- lib/fluent/plugin_helper/http_server.rb
|
580
595
|
- lib/fluent/plugin_helper/http_server/app.rb
|
581
596
|
- lib/fluent/plugin_helper/http_server/compat/server.rb
|
597
|
+
- lib/fluent/plugin_helper/http_server/compat/ssl_context_extractor.rb
|
582
598
|
- lib/fluent/plugin_helper/http_server/compat/webrick_handler.rb
|
583
599
|
- lib/fluent/plugin_helper/http_server/methods.rb
|
584
600
|
- lib/fluent/plugin_helper/http_server/request.rb
|
585
601
|
- lib/fluent/plugin_helper/http_server/router.rb
|
586
602
|
- lib/fluent/plugin_helper/http_server/server.rb
|
603
|
+
- lib/fluent/plugin_helper/http_server/ssl_context_builder.rb
|
587
604
|
- lib/fluent/plugin_helper/inject.rb
|
588
605
|
- lib/fluent/plugin_helper/parser.rb
|
589
606
|
- lib/fluent/plugin_helper/record_accessor.rb
|
@@ -628,6 +645,7 @@ files:
|
|
628
645
|
- lib/fluent/test/startup_shutdown.rb
|
629
646
|
- lib/fluent/time.rb
|
630
647
|
- lib/fluent/timezone.rb
|
648
|
+
- lib/fluent/tls.rb
|
631
649
|
- lib/fluent/unique_id.rb
|
632
650
|
- lib/fluent/variable_store.rb
|
633
651
|
- lib/fluent/version.rb
|
@@ -689,6 +707,7 @@ files:
|
|
689
707
|
- test/plugin/data/sd_file/config.yaml
|
690
708
|
- test/plugin/data/sd_file/config.yml
|
691
709
|
- test/plugin/data/sd_file/invalid_config.yml
|
710
|
+
- test/plugin/in_tail/test_position_file.rb
|
692
711
|
- test/plugin/out_forward/test_ack_handler.rb
|
693
712
|
- test/plugin/out_forward/test_connection_manager.rb
|
694
713
|
- test/plugin/out_forward/test_handshake_protocol.rb
|
@@ -776,6 +795,19 @@ files:
|
|
776
795
|
- test/plugin_helper/data/cert/cert-key.pem
|
777
796
|
- test/plugin_helper/data/cert/cert-with-no-newline.pem
|
778
797
|
- test/plugin_helper/data/cert/cert.pem
|
798
|
+
- test/plugin_helper/data/cert/generate_cert.rb
|
799
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem
|
800
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-key.pem
|
801
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem
|
802
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert.pem
|
803
|
+
- test/plugin_helper/data/cert/with_ca/cert-key-pass.pem
|
804
|
+
- test/plugin_helper/data/cert/with_ca/cert-key.pem
|
805
|
+
- test/plugin_helper/data/cert/with_ca/cert-pass.pem
|
806
|
+
- test/plugin_helper/data/cert/with_ca/cert.pem
|
807
|
+
- test/plugin_helper/data/cert/without_ca/cert-key-pass.pem
|
808
|
+
- test/plugin_helper/data/cert/without_ca/cert-key.pem
|
809
|
+
- test/plugin_helper/data/cert/without_ca/cert-pass.pem
|
810
|
+
- test/plugin_helper/data/cert/without_ca/cert.pem
|
779
811
|
- test/plugin_helper/http_server/test_app.rb
|
780
812
|
- test/plugin_helper/http_server/test_route.rb
|
781
813
|
- test/plugin_helper/service_discovery/test_manager.rb
|
@@ -831,6 +863,7 @@ files:
|
|
831
863
|
- test/test_test_drivers.rb
|
832
864
|
- test/test_time_formatter.rb
|
833
865
|
- test/test_time_parser.rb
|
866
|
+
- test/test_tls.rb
|
834
867
|
- test/test_unique_id.rb
|
835
868
|
- test/test_variable_store.rb
|
836
869
|
homepage: https://www.fluentd.org/
|
@@ -896,6 +929,7 @@ test_files:
|
|
896
929
|
- test/plugin/data/sd_file/config.yaml
|
897
930
|
- test/plugin/data/sd_file/config.yml
|
898
931
|
- test/plugin/data/sd_file/invalid_config.yml
|
932
|
+
- test/plugin/in_tail/test_position_file.rb
|
899
933
|
- test/plugin/out_forward/test_ack_handler.rb
|
900
934
|
- test/plugin/out_forward/test_connection_manager.rb
|
901
935
|
- test/plugin/out_forward/test_handshake_protocol.rb
|
@@ -983,6 +1017,19 @@ test_files:
|
|
983
1017
|
- test/plugin_helper/data/cert/cert-key.pem
|
984
1018
|
- test/plugin_helper/data/cert/cert-with-no-newline.pem
|
985
1019
|
- test/plugin_helper/data/cert/cert.pem
|
1020
|
+
- test/plugin_helper/data/cert/generate_cert.rb
|
1021
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem
|
1022
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-key.pem
|
1023
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem
|
1024
|
+
- test/plugin_helper/data/cert/with_ca/ca-cert.pem
|
1025
|
+
- test/plugin_helper/data/cert/with_ca/cert-key-pass.pem
|
1026
|
+
- test/plugin_helper/data/cert/with_ca/cert-key.pem
|
1027
|
+
- test/plugin_helper/data/cert/with_ca/cert-pass.pem
|
1028
|
+
- test/plugin_helper/data/cert/with_ca/cert.pem
|
1029
|
+
- test/plugin_helper/data/cert/without_ca/cert-key-pass.pem
|
1030
|
+
- test/plugin_helper/data/cert/without_ca/cert-key.pem
|
1031
|
+
- test/plugin_helper/data/cert/without_ca/cert-pass.pem
|
1032
|
+
- test/plugin_helper/data/cert/without_ca/cert.pem
|
986
1033
|
- test/plugin_helper/http_server/test_app.rb
|
987
1034
|
- test/plugin_helper/http_server/test_route.rb
|
988
1035
|
- test/plugin_helper/service_discovery/test_manager.rb
|
@@ -1038,5 +1085,6 @@ test_files:
|
|
1038
1085
|
- test/test_test_drivers.rb
|
1039
1086
|
- test/test_time_formatter.rb
|
1040
1087
|
- test/test_time_parser.rb
|
1088
|
+
- test/test_tls.rb
|
1041
1089
|
- test/test_unique_id.rb
|
1042
1090
|
- test/test_variable_store.rb
|