RubyGems - fluentd - Versions diffs - 1.9.0 → 1.9.1 - Mend

fluentd 1.9.0 → 1.9.1

Potentially problematic release.

This version of fluentd might be problematic. Click here for more details.

Files changed (47) hide show

checksums.yaml +4 -4
data/.github/PULL_REQUEST_TEMPLATE.md +2 -1
data/CHANGELOG.md +24 -0
data/Gemfile +0 -2
data/appveyor.yml +5 -14
data/fluentd.gemspec +2 -1
data/lib/fluent/config/section.rb +4 -0
data/lib/fluent/plugin/in_monitor_agent.rb +1 -1
data/lib/fluent/plugin/in_tail.rb +12 -139
data/lib/fluent/plugin/in_tail/position_file.rb +171 -0
data/lib/fluent/plugin/out_forward.rb +3 -2
data/lib/fluent/plugin/out_http.rb +10 -4
data/lib/fluent/plugin/output.rb +1 -1
data/lib/fluent/plugin/parser_syslog.rb +5 -2
data/lib/fluent/plugin_helper/cert_option.rb +5 -2
data/lib/fluent/plugin_helper/http_server.rb +62 -2
data/lib/fluent/plugin_helper/http_server/compat/server.rb +14 -3
data/lib/fluent/plugin_helper/http_server/compat/ssl_context_extractor.rb +52 -0
data/lib/fluent/plugin_helper/http_server/server.rb +14 -8
data/lib/fluent/plugin_helper/http_server/ssl_context_builder.rb +41 -0
data/lib/fluent/plugin_helper/server.rb +5 -10
data/lib/fluent/plugin_helper/socket.rb +4 -8
data/lib/fluent/tls.rb +81 -0
data/lib/fluent/version.rb +1 -1
data/test/config/test_section.rb +0 -2
data/test/plugin/in_tail/test_position_file.rb +192 -0
data/test/plugin/test_in_tail.rb +13 -0
data/test/plugin/test_out_http.rb +15 -2
data/test/plugin/test_output_as_buffered_backup.rb +2 -1
data/test/plugin/test_parser_syslog.rb +36 -0
data/test/plugin_helper/data/cert/generate_cert.rb +87 -0
data/test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem +30 -0
data/test/plugin_helper/data/cert/with_ca/ca-cert-key.pem +27 -0
data/test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem +20 -0
data/test/plugin_helper/data/cert/with_ca/ca-cert.pem +20 -0
data/test/plugin_helper/data/cert/with_ca/cert-key-pass.pem +30 -0
data/test/plugin_helper/data/cert/with_ca/cert-key.pem +27 -0
data/test/plugin_helper/data/cert/with_ca/cert-pass.pem +21 -0
data/test/plugin_helper/data/cert/with_ca/cert.pem +21 -0
data/test/plugin_helper/data/cert/without_ca/cert-key-pass.pem +30 -0
data/test/plugin_helper/data/cert/without_ca/cert-key.pem +27 -0
data/test/plugin_helper/data/cert/without_ca/cert-pass.pem +20 -0
data/test/plugin_helper/data/cert/without_ca/cert.pem +20 -0
data/test/plugin_helper/test_http_server_helper.rb +168 -7
data/test/plugin_helper/test_server.rb +40 -9
data/test/test_tls.rb +65 -0
metadata +52 -4

data/test/plugin_helper/test_server.rb CHANGED

@@ -303,7 +303,9 @@ class ServerPluginHelperTest < Test::Unit::TestCase
     data(
       'server_create tcp' => [:server_create, :tcp, {}],
-      'server_create udp' => [:server_create, :udp, {max_bytes: 128}],
+      # Disable udp test because the behaviour of SO_REUSEXXX option is different betweeen BSD, Linux and others...
+      # Need to find good way for testing on local, CI service and others.
+      #'server_create udp' => [:server_create, :udp, {max_bytes: 128}],
       'server_create tls' => [:server_create, :tls, {tls_options: {insecure: true}}],
       # 'server_create unix' => [:server_create, :unix, {}],
       'server_create_connection tcp' => [:server_create, :tcp, {}],
@@ -844,7 +846,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
     File.chmod(0600, cert_path, private_key_path)
   end
-  def open_tls_session(addr, port, verify: true, cert_path: nil, selfsigned: true, hostname: nil)
+  def open_tls_session(addr, port, version: Fluent::TLS::DEFAULT_VERSION, verify: true, cert_path: nil, selfsigned: true, hostname: nil)
     context = OpenSSL::SSL::SSLContext.new
     context.set_params({})
     if verify
@@ -864,6 +866,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
     else
       context.verify_mode = OpenSSL::SSL::VERIFY_NONE
     end
+    Fluent::TLS.set_version_to_context(context, version, nil, nil)
     sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(addr, port), context)
     sock.hostname = hostname if hostname && sock.respond_to?(:hostname)
@@ -906,7 +909,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
         # insecure
         tls_options = {
           protocol: :tls,
-          version: 'TLSv1_2',
+          version: :'TLSv1_2',
           ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
           insecure: true,
           generate_private_key_length: 2048,
@@ -950,7 +953,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
         tls_options = {
           protocol: :tls,
-          version: 'TLSv1_2',
+          version: :'TLSv1_2',
           ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
           insecure: false,
           cert_path: cert_path,
@@ -984,7 +987,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
         tls_options = {
           protocol: :tls,
-          version: 'TLSv1_2',
+          version: :'TLSv1_2',
           ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
           insecure: false,
           ca_cert_path: ca_cert_path,
@@ -1024,7 +1027,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
         tls_options = {
           protocol: :tls,
-          version: 'TLSv1_2',
+          version: :'TLSv1_2',
           ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
           insecure: false,
           cert_path: cert_path,
@@ -1054,7 +1057,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
         tls_options = {
           protocol: :tls,
-          version: 'TLSv1_2',
+          version: :'TLSv1_2',
           ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
           insecure: false,
           cert_path: cert_path,
@@ -1251,7 +1254,7 @@ class ServerPluginHelperTest < Test::Unit::TestCase
       @tls_options = {
         protocol: :tls,
-        version: 'TLSv1_2',
+        version: :'TLSv1_2',
         ciphers: 'ALL:!aNULL:!eNULL:!SSLv2',
         insecure: false,
         cert_path: @cert_path,
@@ -1452,6 +1455,35 @@ class ServerPluginHelperTest < Test::Unit::TestCase
       assert_equal ["yayfoo\n", "yayfoo\n", "yayfoo\n"], lines
       assert_equal ["closed", "closed", "closed"], callback_results
     end
+    sub_test_case 'TLS version connection check' do
+      test "can't connect with different TLS version" do
+        @d.server_create_tls(:s, PORT, tls_options: @tls_options) do |data, conn|
+        end
+        assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
+          open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1_1') do |sock|
+          end
+        }
+      end
+      test "can specify multiple TLS versions by min_version/max_version" do
+        omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
+        opts = @tls_options.merge(min_version: :'TLS1_1', max_version: :'TLSv1_2')
+        @d.server_create_tls(:s, PORT, tls_options: opts) do |data, conn|
+        end
+        assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
+          open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1') do |sock|
+          end
+        }
+        [:'TLS1_1', :'TLS1_2'].each { |ver|
+          assert_nothing_raised {
+            open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: ver) do |sock|
+            end
+          }
+        }
+      end
+    end
   end
   sub_test_case '#server_create_unix' do
@@ -1736,5 +1768,4 @@ class ServerPluginHelperTest < Test::Unit::TestCase
       # pend "not implemented yet"
     end
   end
 end

data/test/test_tls.rb ADDED

@@ -0,0 +1,65 @@
+require_relative 'helper'
+require 'fluent/tls'
+class UniqueIdTest < Test::Unit::TestCase
+  TEST_TLS1_1_CASES = {
+    'New TLS v1.1' => :'TLS1_1',
+    'Old TLS v1.1' => :'TLSv1_1',
+  }
+  TEST_TLS1_2_CASES = {
+    'New TLS v1.2' => :'TLS1_2',
+    'Old TLS v1.2' => :'TLSv1_2'
+  }
+  TEST_TLS_CASES = TEST_TLS1_1_CASES.merge(TEST_TLS1_2_CASES)
+  sub_test_case 'constants' do
+    test 'default version' do
+      assert_equal :'TLSv1_2', Fluent::TLS::DEFAULT_VERSION
+    end
+    data(TEST_TLS_CASES)
+    test 'supported versions' do |ver|
+      assert_include Fluent::TLS::SUPPORTED_VERSIONS, ver
+    end
+    test 'default ciphers' do
+      assert_equal "ALL:!aNULL:!eNULL:!SSLv2", Fluent::TLS::CIPHERS_DEFAULT
+    end
+  end
+  sub_test_case 'set_version_to_context' do
+    setup do
+      @ctx = OpenSSL::SSL::SSLContext.new
+    end
+    # TODO: After openssl module supports min_version/max_version accessor, add assert for it.
+    data(TEST_TLS_CASES)
+    test 'with version' do |ver|
+      assert_nothing_raised {
+        Fluent::TLS.set_version_to_context(@ctx, ver, nil, nil)
+      }
+    end
+    data(TEST_TLS_CASES)
+    test 'can specify old/new syntax to min_version/max_version' do |ver|
+      omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
+      assert_nothing_raised {
+        Fluent::TLS.set_version_to_context(@ctx, Fluent::TLS::DEFAULT_VERSION, ver, ver)
+      }
+    end
+    test 'raise ConfigError when either one of min_version/max_version is not specified' do
+      omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
+      ver = Fluent::TLS::DEFAULT_VERSION
+      assert_raise(Fluent::ConfigError) {
+        Fluent::TLS.set_version_to_context(@ctx, ver, ver, nil)
+      }
+      assert_raise(Fluent::ConfigError) {
+        Fluent::TLS.set_version_to_context(@ctx, ver, nil, ver)
+      }
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluentd
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.9.1
 platform: ruby
 authors:
 - Sadayuki Furuhashi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-22 00:00:00.000000000 Z
+date: 2020-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -310,7 +310,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: 0.1.2
     - - "<"
       - !ruby/object:Gem::Version
         version: '0.2'
@@ -320,10 +320,24 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: 0.1.2
     - - "<"
       - !ruby/object:Gem::Version
         version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: async-http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Fluentd is an open source data collector designed to scale and simplify
   log management. It can collect, process and ship many kinds of data in near real-time.
 email:
@@ -520,6 +534,7 @@ files:
 - lib/fluent/plugin/in_object_space.rb
 - lib/fluent/plugin/in_syslog.rb
 - lib/fluent/plugin/in_tail.rb
+- lib/fluent/plugin/in_tail/position_file.rb
 - lib/fluent/plugin/in_tcp.rb
 - lib/fluent/plugin/in_udp.rb
 - lib/fluent/plugin/in_unix.rb
@@ -579,11 +594,13 @@ files:
 - lib/fluent/plugin_helper/http_server.rb
 - lib/fluent/plugin_helper/http_server/app.rb
 - lib/fluent/plugin_helper/http_server/compat/server.rb
+- lib/fluent/plugin_helper/http_server/compat/ssl_context_extractor.rb
 - lib/fluent/plugin_helper/http_server/compat/webrick_handler.rb
 - lib/fluent/plugin_helper/http_server/methods.rb
 - lib/fluent/plugin_helper/http_server/request.rb
 - lib/fluent/plugin_helper/http_server/router.rb
 - lib/fluent/plugin_helper/http_server/server.rb
+- lib/fluent/plugin_helper/http_server/ssl_context_builder.rb
 - lib/fluent/plugin_helper/inject.rb
 - lib/fluent/plugin_helper/parser.rb
 - lib/fluent/plugin_helper/record_accessor.rb
@@ -628,6 +645,7 @@ files:
 - lib/fluent/test/startup_shutdown.rb
 - lib/fluent/time.rb
 - lib/fluent/timezone.rb
+- lib/fluent/tls.rb
 - lib/fluent/unique_id.rb
 - lib/fluent/variable_store.rb
 - lib/fluent/version.rb
@@ -689,6 +707,7 @@ files:
 - test/plugin/data/sd_file/config.yaml
 - test/plugin/data/sd_file/config.yml
 - test/plugin/data/sd_file/invalid_config.yml
+- test/plugin/in_tail/test_position_file.rb
 - test/plugin/out_forward/test_ack_handler.rb
 - test/plugin/out_forward/test_connection_manager.rb
 - test/plugin/out_forward/test_handshake_protocol.rb
@@ -776,6 +795,19 @@ files:
 - test/plugin_helper/data/cert/cert-key.pem
 - test/plugin_helper/data/cert/cert-with-no-newline.pem
 - test/plugin_helper/data/cert/cert.pem
+- test/plugin_helper/data/cert/generate_cert.rb
+- test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert-key.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert.pem
+- test/plugin_helper/data/cert/with_ca/cert-key-pass.pem
+- test/plugin_helper/data/cert/with_ca/cert-key.pem
+- test/plugin_helper/data/cert/with_ca/cert-pass.pem
+- test/plugin_helper/data/cert/with_ca/cert.pem
+- test/plugin_helper/data/cert/without_ca/cert-key-pass.pem
+- test/plugin_helper/data/cert/without_ca/cert-key.pem
+- test/plugin_helper/data/cert/without_ca/cert-pass.pem
+- test/plugin_helper/data/cert/without_ca/cert.pem
 - test/plugin_helper/http_server/test_app.rb
 - test/plugin_helper/http_server/test_route.rb
 - test/plugin_helper/service_discovery/test_manager.rb
@@ -831,6 +863,7 @@ files:
 - test/test_test_drivers.rb
 - test/test_time_formatter.rb
 - test/test_time_parser.rb
+- test/test_tls.rb
 - test/test_unique_id.rb
 - test/test_variable_store.rb
 homepage: https://www.fluentd.org/
@@ -896,6 +929,7 @@ test_files:
 - test/plugin/data/sd_file/config.yaml
 - test/plugin/data/sd_file/config.yml
 - test/plugin/data/sd_file/invalid_config.yml
+- test/plugin/in_tail/test_position_file.rb
 - test/plugin/out_forward/test_ack_handler.rb
 - test/plugin/out_forward/test_connection_manager.rb
 - test/plugin/out_forward/test_handshake_protocol.rb
@@ -983,6 +1017,19 @@ test_files:
 - test/plugin_helper/data/cert/cert-key.pem
 - test/plugin_helper/data/cert/cert-with-no-newline.pem
 - test/plugin_helper/data/cert/cert.pem
+- test/plugin_helper/data/cert/generate_cert.rb
+- test/plugin_helper/data/cert/with_ca/ca-cert-key-pass.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert-key.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert-pass.pem
+- test/plugin_helper/data/cert/with_ca/ca-cert.pem
+- test/plugin_helper/data/cert/with_ca/cert-key-pass.pem
+- test/plugin_helper/data/cert/with_ca/cert-key.pem
+- test/plugin_helper/data/cert/with_ca/cert-pass.pem
+- test/plugin_helper/data/cert/with_ca/cert.pem
+- test/plugin_helper/data/cert/without_ca/cert-key-pass.pem
+- test/plugin_helper/data/cert/without_ca/cert-key.pem
+- test/plugin_helper/data/cert/without_ca/cert-pass.pem
+- test/plugin_helper/data/cert/without_ca/cert.pem
 - test/plugin_helper/http_server/test_app.rb
 - test/plugin_helper/http_server/test_route.rb
 - test/plugin_helper/service_discovery/test_manager.rb
@@ -1038,5 +1085,6 @@ test_files:
 - test/test_test_drivers.rb
 - test/test_time_formatter.rb
 - test/test_time_parser.rb
+- test/test_tls.rb
 - test/test_unique_id.rb
 - test/test_variable_store.rb