fluentd 0.14.16 → 0.14.17
Potentially problematic release.
This version of fluentd might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ChangeLog +20 -0
- data/lib/fluent/command/plugin_config_formatter.rb +0 -1
- data/lib/fluent/engine.rb +5 -1
- data/lib/fluent/plugin/in_tail.rb +7 -1
- data/lib/fluent/plugin/out_forward.rb +4 -1
- data/lib/fluent/plugin_helper/cert_option.rb +2 -2
- data/lib/fluent/root_agent.rb +3 -0
- data/lib/fluent/supervisor.rb +27 -5
- data/lib/fluent/version.rb +1 -1
- data/test/command/test_fluentd.rb +45 -2
- data/test/plugin/test_in_tail.rb +1 -0
- data/test/plugin_helper/test_server.rb +37 -31
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e746832a9687d6e680231e7f617584b50a6db91b
|
4
|
+
data.tar.gz: a084bf0df70ef3fe3c3bf21db2f21b6745640360
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8c0bd7a4c82757b3f4507c7d79e171e414ccb4d44f99ce60a4ad1a0802bcc9cf18b9de0ef8d9d7cc755e61d5a5112b944f2102f68d3e71cc403f917034747aaa
|
7
|
+
data.tar.gz: 4e00a8d1147b4371ddc2a890543eef8efa2bdbec53fefc1cb39076ab8cd68e8b6839e9bfd3b1e5c7ef90856c8b77f7cd60205d83596a388b413936b5760be1e2
|
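--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,5 +1,25 @@
 # v0.14
 
+## Release v0.14.17 - 2017/05/29
+
+### New features / Enhancements
+
+* in_tail: Add ignore_repeated_permission_error
+https://github.com/fluent/fluentd/pull/1574
+* server: Accept private key for TLS server without passphrase
+https://github.com/fluent/fluentd/pull/1575
+* config: Validate workers option on standalone mode
+https://github.com/fluent/fluentd/pull/1577
+
+### Bug fixes
+
+* config: Mask all secret parameters in worker section
+https://github.com/fluent/fluentd/pull/1580
+* out_forward: Fix ack handling
+https://github.com/fluent/fluentd/pull/1581
+* plugin-config-format: Fix markdown format generator
+https://github.com/fluent/fluentd/pull/1585
+
 ## Release v0.14.16 - 2017/05/13
 
 ### New features / Enhancements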
@@ -167,7 +167,6 @@ class FluentPluginConfigFormatter
|
|
167
167
|
required = sub_section.delete(:required)
|
168
168
|
multi = sub_section.delete(:multi)
|
169
169
|
alias_name = sub_section.delete(:alias)
|
170
|
-
$log.trace(name: section_name, required: required, multi: multi, alias_name: alias_name)
|
171
170
|
sub_section.delete(:section)
|
172
171
|
dumped << ERB.new(template_path("section.md.erb").read, nil, "-").result(binding)
|
173
172
|
end
|
data/lib/fluent/engine.rb
CHANGED
@@ -43,6 +43,8 @@ module Fluent
|
|
43
43
|
@suppress_config_dump = false
|
44
44
|
|
45
45
|
@system_config = SystemConfig.new
|
46
|
+
|
47
|
+
@dry_run_mode = false
|
46
48
|
end
|
47
49
|
|
48
50
|
MAINLOOP_SLEEP_INTERVAL = 0.3
|
@@ -54,6 +56,8 @@ module Fluent
|
|
54
56
|
attr_reader :matches, :sources
|
55
57
|
attr_reader :system_config
|
56
58
|
|
59
|
+
attr_accessor :dry_run_mode
|
60
|
+
|
57
61
|
def init(system_config)
|
58
62
|
@system_config = system_config
|
59
63
|
|
@@ -157,7 +161,7 @@ module Fluent
|
|
157
161
|
$log.enable_event(true) if @log_event_router
|
158
162
|
|
159
163
|
unless @suppress_config_dump
|
160
|
-
$log.info :
|
164
|
+
$log.info :supervisor, "using configuration file: #{conf.to_s.rstrip}"
|
161
165
|
end
|
162
166
|
end
|
163
167
|
|
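Review bot: The config dump in the last hunk, `$log.info :supervisor, "using configuration file: #{conf.to_s.rstrip}"`, writes the whole configuration to the log, and nothing in the visible lines says what makes that safe for parameters declared `secret: true`. If masking depends on every element having been configured before `to_s` is called (which this release's ChangeLog entry about masking secrets in worker sections suggests), that precondition deserves a comment at this line, for example `# conf must already be configured so that secret parameters are masked by to_s`. The new `attr_accessor :dry_run_mode` is undocumented as well; `# true only while the supervisor configures all worker sections in-process; not a user-facing option` would tell readers what the flag is for, assuming supervisor.rb in this release is its only writer. The enclosing methods start and end outside these hunks.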
@@ -42,6 +42,7 @@ module Fluent::Plugin
|
|
42
42
|
@tails = {}
|
43
43
|
@pf_file = nil
|
44
44
|
@pf = nil
|
45
|
+
@ignore_list = []
|
45
46
|
end
|
46
47
|
|
47
48
|
desc 'The paths to read. Multiple paths can be specified, separated by comma.'
|
@@ -81,6 +82,8 @@ module Fluent::Plugin
|
|
81
82
|
config_param :limit_recently_modified, :time, default: nil
|
82
83
|
desc 'Enable the option to skip the refresh of watching list on startup.'
|
83
84
|
config_param :skip_refresh_on_startup, :bool, default: false
|
85
|
+
desc 'Ignore repeated permission error logs'
|
86
|
+
config_param :ignore_repeated_permission_error, :bool, default: false
|
84
87
|
|
85
88
|
attr_reader :paths
|
86
89
|
|
@@ -198,7 +201,10 @@ module Fluent::Plugin
|
|
198
201
|
end
|
199
202
|
else
|
200
203
|
if is_file
|
201
|
-
|
204
|
+
unless @ignore_list.include?(path)
|
205
|
+
log.warn "#{p} unreadable. It is excluded and would be examined next time."
|
206
|
+
@ignore_list << path if @ignore_repeated_permission_error
|
207
|
+
end
|
202
208
|
end
|
203
209
|
false
|
204
210
|
end
|
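Review bot: In the third hunk the warning names `p`, but the suppression list is checked and filled with `path`, so the message and the list can refer to different things. If `path` is the configured pattern and `p` the file it matched (the enclosing block starts outside the hunk, so this is inferred), the first unreadable file silences the warning for every other unreadable file under the same pattern, which hides gaps in log collection. Keying the list on the file keeps one warning per file: `unless @ignore_list.include?(p)` and `@ignore_list << p if @ignore_repeated_permission_error`. Entries are also never removed in the visible code, so a file that becomes readable and later unreadable again would stay silent.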
@@ -431,6 +431,7 @@ module Fluent::Plugin
|
|
431
431
|
if raw_data.empty?
|
432
432
|
log.warn "destination node closed the connection. regard it as unavailable.", host: info.node.host, port: info.node.port
|
433
433
|
info.node.disable!
|
434
|
+
rollback_write(info.chunk_id)
|
434
435
|
return nil
|
435
436
|
else
|
436
437
|
unpacker.feed(raw_data)
|
@@ -450,6 +451,8 @@ module Fluent::Plugin
|
|
450
451
|
log.error "unexpected error while receiving ack message", error: e
|
451
452
|
log.error_backtrace
|
452
453
|
ensure
|
454
|
+
info.sock.close_write rescue nil
|
455
|
+
info.sock.close rescue nil
|
453
456
|
@sock_ack_waiting_mutex.synchronize do
|
454
457
|
@sock_ack_waiting.delete(info)
|
455
458
|
end
|
@@ -492,7 +495,7 @@ module Fluent::Plugin
|
|
492
495
|
|
493
496
|
readable_sockets.each do |sock|
|
494
497
|
chunk_id = read_ack_from_sock(sock, unpacker)
|
495
|
-
commit_write(chunk_id)
|
498
|
+
commit_write(chunk_id) if chunk_id
|
496
499
|
end
|
497
500
|
rescue => e
|
498
501
|
log.error "unexpected error while receiving ack", error: e
|
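Review bot: The two `rescue nil` modifiers added to the `ensure` block in the second hunk swallow every StandardError, not only the socket errors they are meant for. If `info` is ever nil at that point (the lookup that sets it is outside the hunk), the resulting NoMethodError disappears silently too. I would guard on `info`, rescue only `IOError` and `SystemCallError`, and log the failure at debug level, as below. The method body starts and ends outside the hunk.

```ruby
ensure
  if info
    begin
      info.sock.close_write
    rescue IOError, SystemCallError => e
      log.debug "close_write on ack socket failed", error: e
    end
    begin
      info.sock.close
    rescue IOError, SystemCallError => e
      log.debug "close on ack socket failed", error: e
    end
  end
  # … unchanged: @sock_ack_waiting cleanup under the mutex …
```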
@@ -46,12 +46,12 @@ module Fluent
|
|
46
46
|
case
|
47
47
|
when conf.cert_path
|
48
48
|
raise Fluent::ConfigError, "private_key_path is required when cert_path is specified" unless conf.private_key_path
|
49
|
-
|
49
|
+
log.warn "For security reason, setting private_key_passphrase is recommended when cert_path is specified" unless conf.private_key_passphrase
|
50
50
|
cert_option_load(conf.cert_path, conf.private_key_path, conf.private_key_passphrase)
|
51
51
|
|
52
52
|
when conf.ca_cert_path
|
53
53
|
raise Fluent::ConfigError, "ca_private_key_path is required when ca_cert_path is specified" unless conf.ca_private_key_path
|
54
|
-
|
54
|
+
log.warn "For security reason, setting ca_private_key_passphrase is recommended when ca_cert_path is specified" unless conf.ca_private_key_passphrase
|
55
55
|
generate_opts = cert_option_cert_generation_opts_from_conf(conf)
|
56
56
|
cert_option_generate_server_pair_by_ca(
|
57
57
|
conf.ca_cert_path,
|
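Review bot: With the passphrase now optional, an unencrypted private key is protected only by its file permissions, and the new `log.warn` lines do not look at them. A check next to the warning would make the risk concrete, e.g. `log.warn "private key file is accessible by group or others", path: conf.private_key_path if (File.stat(conf.private_key_path).mode & 0o077) != 0`, and the same for `conf.ca_private_key_path`; on platforms without POSIX mode bits the check would have to be skipped. The message text would also read better as "For security reasons, ...". The `case` statement starts and ends outside the hunk.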
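--- a/data/lib/fluent/root_agent.rb
+++ b/data/lib/fluent/root_agent.rb
@@ -76,6 +76,9 @@ module Fluent
 raise ConfigError, "worker id #{target_worker_id} specified by <worker> directive is not allowed. Available worker id is between 0 and #{(Fluent::Engine.system_config.workers - 1)}"
 end
 
+## On dry_run mode, all worker sections have to be configured on supervisor (recognized as worker_id = 0).
+target_worker_id = 0 if Fluent::Engine.dry_run_mode
+
 e.elements.each do |elem|
 unless ['source', 'match', 'filter', 'label'].include?(elem.name)
 raise ConfigError, "<worker> section cannot have <#{elem.name}> directive"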
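Review bot: The added comment says what the override does but not why, and `target_worker_id = 0 if Fluent::Engine.dry_run_mode` depends on a process-wide flag that is set elsewhere. I would spell out the reason, e.g. `# In dry-run mode the supervisor configures every <worker> section itself (as worker 0) so that all of them are validated and appear in the config dump.` It is also worth saying in that comment that the range check above still runs against the id from the configuration, because the override comes after it. The enclosing method starts and ends outside the hunk.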
data/lib/fluent/supervisor.rb
CHANGED
@@ -457,7 +457,7 @@ module Fluent
|
|
457
457
|
end
|
458
458
|
end
|
459
459
|
|
460
|
-
|
460
|
+
dry_run_cmd if @dry_run
|
461
461
|
supervise
|
462
462
|
end
|
463
463
|
|
@@ -490,6 +490,10 @@ module Fluent
|
|
490
490
|
read_config
|
491
491
|
set_system_config
|
492
492
|
|
493
|
+
if @standalone_worker && @workers != 1
|
494
|
+
raise Fluent::ConfigError, "invalid number of workers (must be 1 or unspecified) with --no-supervisor: #{@workers}"
|
495
|
+
end
|
496
|
+
|
493
497
|
install_main_process_signal_handlers
|
494
498
|
|
495
499
|
# This is the only log messsage for @standalone_worker
|
@@ -514,17 +518,32 @@ module Fluent
|
|
514
518
|
ENV['SERVERENGINE_SOCKETMANAGER_PATH'] = socket_manager_path.to_s
|
515
519
|
end
|
516
520
|
|
517
|
-
def
|
521
|
+
def dry_run_cmd
|
518
522
|
$log.info "starting fluentd-#{Fluent::VERSION} as dry run mode"
|
519
|
-
|
520
|
-
|
521
|
-
run_configure
|
523
|
+
@system_config.suppress_config_dump = true
|
524
|
+
dry_run
|
522
525
|
exit 0
|
523
526
|
rescue => e
|
524
527
|
$log.error "dry run failed: #{e}"
|
525
528
|
exit 1
|
526
529
|
end
|
527
530
|
|
531
|
+
## Set Engine's dry_run_mode true to override all target_id of worker sections
|
532
|
+
def dry_run
|
533
|
+
begin
|
534
|
+
Fluent::Engine.dry_run_mode = true
|
535
|
+
change_privilege
|
536
|
+
init_engine
|
537
|
+
run_configure
|
538
|
+
rescue Fluent::ConfigError => e
|
539
|
+
$log.error "config error", file: @config_path, error: e
|
540
|
+
$log.debug_backtrace
|
541
|
+
exit!(1)
|
542
|
+
ensure
|
543
|
+
Fluent::Engine.dry_run_mode = false
|
544
|
+
end
|
545
|
+
end
|
546
|
+
|
528
547
|
def show_plugin_config
|
529
548
|
name, type = @show_plugin_config.split(":") # input:tail
|
530
549
|
$log.info "Use fluent-plugin-config-format --format=txt #{name} #{type}"
|
@@ -532,6 +551,9 @@ module Fluent
|
|
532
551
|
end
|
533
552
|
|
534
553
|
def supervise
|
554
|
+
# Make dumpable conf, which is set corresponding_proxies for all elements in all worker sections
|
555
|
+
dry_run
|
556
|
+
|
535
557
|
Process.setproctitle("supervisor:#{@process_name}") if @process_name
|
536
558
|
$log.info "starting fluentd-#{Fluent::VERSION}", pid: Process.pid
|
537
559
|
|
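Review bot: `supervise` now calls `dry_run` on every normal start, and `dry_run` calls `change_privilege`, `init_engine` and `run_configure`, so the supervisor process itself goes through the privilege change and the full configure step before any worker exists. If `change_privilege` switches user or group as its name suggests (its body is not in these hunks), the supervisor would give up privileges it previously kept, and any side effect of configuring plugins now also happens in the supervisor. I would keep the privilege change out of the shared helper and call `change_privilege` from `dry_run_cmd` only, just before `dry_run`. Separately, `dry_run` ends the process with `exit!(1)` on `Fluent::ConfigError`, so the `rescue => e` in `dry_run_cmd` and its "dry run failed" message are no longer reached for configuration errors.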
data/lib/fluent/version.rb
CHANGED
@@ -442,8 +442,7 @@ CONF
|
|
442
442
|
|
443
443
|
assert_fluentd_fails_to_start(
|
444
444
|
create_cmdline(conf_path, "-p", File.dirname(plugin_path)),
|
445
|
-
"
|
446
|
-
"in_buggy.rb:5: syntax error, unexpected end-of-input, expecting keyword_end",
|
445
|
+
"in_buggy.rb:5: syntax error, unexpected end-of-input, expecting keyword_end (SyntaxError)"
|
447
446
|
)
|
448
447
|
end
|
449
448
|
end
|
@@ -821,4 +820,48 @@ CONF
|
|
821
820
|
)
|
822
821
|
end
|
823
822
|
end
|
823
|
+
|
824
|
+
sub_test_case 'config dump' do
|
825
|
+
test 'all secret parameters in worker section is sealed' do
|
826
|
+
script = <<-EOC
|
827
|
+
require 'fluent/plugin/input'
|
828
|
+
module Fluent::Plugin
|
829
|
+
class FakeInput < Input
|
830
|
+
Fluent::Plugin.register_input('fake', self)
|
831
|
+
config_param :secret, :string, secret: true
|
832
|
+
end
|
833
|
+
end
|
834
|
+
EOC
|
835
|
+
plugin_path = create_plugin_file('in_fake.rb', script)
|
836
|
+
|
837
|
+
conf = <<CONF
|
838
|
+
<system>
|
839
|
+
workers 2
|
840
|
+
</system>
|
841
|
+
<worker 0>
|
842
|
+
<source>
|
843
|
+
@type fake
|
844
|
+
secret secret0
|
845
|
+
</source>
|
846
|
+
<match>
|
847
|
+
@type null
|
848
|
+
</match>
|
849
|
+
</worker>
|
850
|
+
<worker 1>
|
851
|
+
<source>
|
852
|
+
@type fake
|
853
|
+
secret secret1
|
854
|
+
</source>
|
855
|
+
<match>
|
856
|
+
@type null
|
857
|
+
</match>
|
858
|
+
</worker>
|
859
|
+
CONF
|
860
|
+
conf_path = create_conf_file('secret_in_worker.conf', conf)
|
861
|
+
assert File.exist?(conf_path)
|
862
|
+
|
863
|
+
assert_log_matches(create_cmdline(conf_path, "-p", File.dirname(plugin_path)),
|
864
|
+
"secret xxxxxx", patterns_not_match: ["secret secret0", "secret secret1"])
|
865
|
+
end
|
866
|
+
end
|
824
867
|
end
|
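Review bot: The new 'config dump' test puts the secret parameter only in `<source>` sections, so masking inside `<match>`, `<filter>` or `<label>` under `<worker>` is not exercised, although the root_agent.rb hunk in this release shows all four are accepted there. Adding a fake output with `config_param :secret, :string, secret: true` to one worker, plus one more `patterns_not_match` entry for its value, would cover that path. The test name would also read better as 'all secret parameters in worker sections are sealed'.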
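--- a/data/test/plugin/test_in_tail.rb
+++ b/data/test/plugin/test_in_tail.rb
@@ -72,6 +72,7 @@ class TailInputTest < Test::Unit::TestCase
 assert_equal 2, d.instance.rotate_wait
 assert_equal "#{TMP_DIR}/tail.pos", d.instance.pos_file
 assert_equal 1000, d.instance.read_lines_limit
+assert_equal false, d.instance.ignore_repeated_permission_error
 end
 
 data("empty" => config_element,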
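Review bot: Only the default value of `ignore_repeated_permission_error` is asserted here; nothing exercises the new branch in in_tail.rb that records unreadable paths. A test that enables the option, points `path` at an unreadable file and checks that the "unreadable" warning is logged once across two refreshes would pin the behaviour the option promises. The enclosing test starts outside the hunk.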
@@ -767,8 +767,9 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
767
767
|
|
768
768
|
def write_cert_and_key(cert_path, cert, key_path, key, passphrase)
|
769
769
|
File.open(cert_path, "w"){|f| f.write(cert.to_pem) }
|
770
|
-
#
|
771
|
-
|
770
|
+
# Write the secret key (raw or ecnrypted by AES256) in PEM format
|
771
|
+
key_str = passphrase ? key.export(OpenSSL::Cipher.new("AES-256-CBC"), passphrase) : key.export
|
772
|
+
File.open(key_path, "w"){|f| f.write(key_str) }
|
772
773
|
File.chmod(0600, cert_path, key_path)
|
773
774
|
end
|
774
775
|
|
@@ -807,7 +808,8 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
807
808
|
f.write server_cert.to_pem
|
808
809
|
f.write chain_cert.to_pem
|
809
810
|
end
|
810
|
-
|
811
|
+
key_str = passphrase ? server_key.export(OpenSSL::Cipher.new("AES-256-CBC"), passphrase) : server_key.export
|
812
|
+
File.open(private_key_path, "w"){|f| f.write(key_str) }
|
811
813
|
File.chmod(0600, cert_path, private_key_path)
|
812
814
|
end
|
813
815
|
|
@@ -889,10 +891,11 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
889
891
|
assert_equal "yay\nfoo\n", received
|
890
892
|
end
|
891
893
|
|
892
|
-
|
894
|
+
data('with passphrase' => 'yaaaaaaaaaaaaaaaaaaay',
|
895
|
+
'without passphrase' => nil)
|
896
|
+
test 'load self-signed cert/key pair (files), verified from clients using cert files' do |private_key_passphrase|
|
893
897
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
894
898
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
895
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
896
899
|
create_server_pair_signed_by_self(cert_path, private_key_path, private_key_passphrase)
|
897
900
|
|
898
901
|
tls_options = {
|
@@ -902,8 +905,8 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
902
905
|
insecure: false,
|
903
906
|
cert_path: cert_path,
|
904
907
|
private_key_path: private_key_path,
|
905
|
-
private_key_passphrase: private_key_passphrase,
|
906
908
|
}
|
909
|
+
tls_options[:private_key_passphrase] = private_key_passphrase if private_key_passphrase
|
907
910
|
received = ""
|
908
911
|
@d.server_create_tls(:s, PORT, tls_options: tls_options) do |data, conn|
|
909
912
|
received << data
|
@@ -922,10 +925,11 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
922
925
|
assert_equal "yay\nfoo\n", received
|
923
926
|
end
|
924
927
|
|
925
|
-
|
928
|
+
data('with passphrase' => "fooooooooooooooooooooooooo",
|
929
|
+
'without passphrase' => nil)
|
930
|
+
test 'create dynamic server cert by private CA cert file, verified from clients using CA cert file' do |ca_key_passphrase|
|
926
931
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
927
932
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
928
|
-
ca_key_passphrase = "fooooooooooooooooooooooooo"
|
929
933
|
create_ca_pair_signed_by_self(ca_cert_path, ca_key_path, ca_key_passphrase)
|
930
934
|
|
931
935
|
tls_options = {
|
@@ -935,9 +939,9 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
935
939
|
insecure: false,
|
936
940
|
ca_cert_path: ca_cert_path,
|
937
941
|
ca_private_key_path: ca_key_path,
|
938
|
-
ca_private_key_passphrase: ca_key_passphrase,
|
939
942
|
generate_private_key_length: 2048,
|
940
943
|
}
|
944
|
+
tls_options[:ca_private_key_passphrase] = ca_key_passphrase if ca_key_passphrase
|
941
945
|
received = ""
|
942
946
|
@d.server_create_tls(:s, PORT, tls_options: tls_options) do |data, conn|
|
943
947
|
received << data
|
@@ -950,15 +954,15 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
950
954
|
assert_equal "yay\nfoo\n", received
|
951
955
|
end
|
952
956
|
|
953
|
-
|
957
|
+
data('with passphrase' => ["foooooooo", "yaaaaaaaaaaaaaaaaaaay"],
|
958
|
+
'without passphrase' => [nil, nil])
|
959
|
+
test 'load static server cert by private CA cert file, verified from clients using CA cert file' do |(ca_key_passphrase, private_key_passphrase)|
|
954
960
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
955
961
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
956
|
-
ca_key_passphrase = "foooooooo"
|
957
962
|
create_ca_pair_signed_by_self(ca_cert_path, ca_key_path, ca_key_passphrase)
|
958
963
|
|
959
964
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
960
965
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
961
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
962
966
|
create_server_pair_signed_by_ca(ca_cert_path, ca_key_path, ca_key_passphrase, cert_path, private_key_path, private_key_passphrase)
|
963
967
|
|
964
968
|
tls_options = {
|
@@ -968,8 +972,8 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
968
972
|
insecure: false,
|
969
973
|
cert_path: cert_path,
|
970
974
|
private_key_path: private_key_path,
|
971
|
-
private_key_passphrase: private_key_passphrase,
|
972
975
|
}
|
976
|
+
tls_options[:private_key_passphrase] = private_key_passphrase if private_key_passphrase
|
973
977
|
received = ""
|
974
978
|
@d.server_create_tls(:s, PORT, tls_options: tls_options) do |data, conn|
|
975
979
|
received << data
|
@@ -982,13 +986,13 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
982
986
|
assert_equal "yay\nfoo\n", received
|
983
987
|
end
|
984
988
|
|
985
|
-
|
989
|
+
data('with passphrase' => ["foooooooo", "yaaaaaaaaaaaaaaaaaaay"],
|
990
|
+
'without passphrase' => [nil, nil])
|
991
|
+
test 'load chained server cert by private CA cert file, verified from clients using CA cert file as root' do |(ca_key_passphrase, private_key_passphrase)|
|
986
992
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
987
993
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
988
|
-
ca_key_passphrase = "foooooooo"
|
989
994
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
990
995
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
991
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
992
996
|
create_server_pair_chained_with_root_ca(ca_cert_path, ca_key_path, ca_key_passphrase, cert_path, private_key_path, private_key_passphrase)
|
993
997
|
|
994
998
|
tls_options = {
|
@@ -998,8 +1002,8 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
998
1002
|
insecure: false,
|
999
1003
|
cert_path: cert_path,
|
1000
1004
|
private_key_path: private_key_path,
|
1001
|
-
private_key_passphrase: private_key_passphrase,
|
1002
1005
|
}
|
1006
|
+
tls_options[:private_key_passphrase] = private_key_passphrase if private_key_passphrase
|
1003
1007
|
received = ""
|
1004
1008
|
@d.server_create_tls(:s, PORT, tls_options: tls_options) do |data, conn|
|
1005
1009
|
received << data
|
@@ -1042,17 +1046,18 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1042
1046
|
assert_equal "yay\nfoo\n", received
|
1043
1047
|
end
|
1044
1048
|
|
1045
|
-
|
1049
|
+
data('with passphrase' => "yaaaaaaaaaaaaaaaaaaay",
|
1050
|
+
'without passphrase' => nil)
|
1051
|
+
test 'load self-signed cert/key pair (files), verified from clients using cert files' do |private_key_passphrase|
|
1046
1052
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
1047
1053
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
1048
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
1049
1054
|
create_server_pair_signed_by_self(cert_path, private_key_path, private_key_passphrase)
|
1050
1055
|
|
1051
1056
|
transport_opts = {
|
1052
1057
|
'cert_path' => cert_path,
|
1053
1058
|
'private_key_path' => private_key_path,
|
1054
|
-
'private_key_passphrase' => private_key_passphrase,
|
1055
1059
|
}
|
1060
|
+
transport_opts['private_key_passphrase'] = private_key_passphrase if private_key_passphrase
|
1056
1061
|
transport_conf = config_element('transport', 'tls', transport_opts)
|
1057
1062
|
conf = config_element('match', 'tag.*', {}, [transport_conf])
|
1058
1063
|
|
@@ -1076,17 +1081,18 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1076
1081
|
assert_equal "yay\nfoo\n", received
|
1077
1082
|
end
|
1078
1083
|
|
1079
|
-
|
1084
|
+
data('with passphrase' => "fooooooooooooooooooooooooo",
|
1085
|
+
'without passphrase' => nil)
|
1086
|
+
test 'create dynamic server cert by private CA cert file, verified from clients using CA cert file' do |ca_key_passphrase|
|
1080
1087
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
1081
1088
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
1082
|
-
ca_key_passphrase = "fooooooooooooooooooooooooo"
|
1083
1089
|
create_ca_pair_signed_by_self(ca_cert_path, ca_key_path, ca_key_passphrase)
|
1084
1090
|
|
1085
1091
|
transport_opts = {
|
1086
1092
|
'ca_cert_path' => ca_cert_path,
|
1087
1093
|
'ca_private_key_path' => ca_key_path,
|
1088
|
-
'ca_private_key_passphrase' => ca_key_passphrase,
|
1089
1094
|
}
|
1095
|
+
transport_opts['ca_private_key_passphrase'] = ca_key_passphrase if ca_key_passphrase
|
1090
1096
|
transport_conf = config_element('transport', 'tls', transport_opts)
|
1091
1097
|
conf = config_element('match', 'tag.*', {}, [transport_conf])
|
1092
1098
|
|
@@ -1104,22 +1110,22 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1104
1110
|
assert_equal "yay\nfoo\n", received
|
1105
1111
|
end
|
1106
1112
|
|
1107
|
-
|
1113
|
+
data('with passphrase' => ["foooooooo", "yaaaaaaaaaaaaaaaaaaay"],
|
1114
|
+
'without passphrase' => [nil, nil])
|
1115
|
+
test 'load static server cert by private CA cert file, verified from clients using CA cert file' do |(ca_key_passphrase, private_key_passphrase)|
|
1108
1116
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
1109
1117
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
1110
|
-
ca_key_passphrase = "foooooooo"
|
1111
1118
|
create_ca_pair_signed_by_self(ca_cert_path, ca_key_path, ca_key_passphrase)
|
1112
1119
|
|
1113
1120
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
1114
1121
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
1115
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
1116
1122
|
create_server_pair_signed_by_ca(ca_cert_path, ca_key_path, ca_key_passphrase, cert_path, private_key_path, private_key_passphrase)
|
1117
1123
|
|
1118
1124
|
transport_opts = {
|
1119
1125
|
'cert_path' => cert_path,
|
1120
1126
|
'private_key_path' => private_key_path,
|
1121
|
-
'private_key_passphrase' => private_key_passphrase,
|
1122
1127
|
}
|
1128
|
+
transport_opts['private_key_passphrase'] = private_key_passphrase if private_key_passphrase
|
1123
1129
|
transport_conf = config_element('transport', 'tls', transport_opts)
|
1124
1130
|
conf = config_element('match', 'tag.*', {}, [transport_conf])
|
1125
1131
|
|
@@ -1137,20 +1143,20 @@ class ServerPluginHelperTest < Test::Unit::TestCase
|
|
1137
1143
|
assert_equal "yay\nfoo\n", received
|
1138
1144
|
end
|
1139
1145
|
|
1140
|
-
|
1146
|
+
data('with passphrase' => ["foooooooo", "yaaaaaaaaaaaaaaaaaaay"],
|
1147
|
+
'without passphrase' => [nil, nil])
|
1148
|
+
test 'load chained server cert by private CA cert file, verified from clients using CA cert file as root' do |(ca_key_passphrase, private_key_passphrase)|
|
1141
1149
|
ca_cert_path = File.join(@certs_dir, "ca_cert.pem")
|
1142
1150
|
ca_key_path = File.join(@certs_dir, "ca.key.pem")
|
1143
|
-
ca_key_passphrase = "foooooooo"
|
1144
1151
|
cert_path = File.join(@server_cert_dir, "cert.pem")
|
1145
1152
|
private_key_path = File.join(@certs_dir, "server.key.pem")
|
1146
|
-
private_key_passphrase = "yaaaaaaaaaaaaaaaaaaay"
|
1147
1153
|
create_server_pair_chained_with_root_ca(ca_cert_path, ca_key_path, ca_key_passphrase, cert_path, private_key_path, private_key_passphrase)
|
1148
1154
|
|
1149
1155
|
transport_opts = {
|
1150
1156
|
'cert_path' => cert_path,
|
1151
1157
|
'private_key_path' => private_key_path,
|
1152
|
-
'private_key_passphrase' => private_key_passphrase,
|
1153
1158
|
}
|
1159
|
+
transport_opts['private_key_passphrase'] = private_key_passphrase if private_key_passphrase
|
1154
1160
|
transport_conf = config_element('transport', 'tls', transport_opts)
|
1155
1161
|
conf = config_element('match', 'tag.*', {}, [transport_conf])
|
1156
1162
|
|
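Review bot: In `write_cert_and_key` (first hunk) and again in the second hunk, the private key is written with `File.open(..., "w")` and only restricted afterwards by `File.chmod(0600, ...)`, so between the two calls the file has whatever mode the umask allows; in the new passphrase-less case that file holds an unencrypted key. Creating it with the final mode closes the window: `File.open(key_path, "w", 0600){|f| f.write(key_str) }` and `File.open(private_key_path, "w", 0600){|f| f.write(key_str) }`, keeping the `chmod` for files that already exist. The new comment also has a typo, "ecnrypted" for "encrypted".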
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluentd
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.14.
|
4
|
+
version: 0.14.17
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sadayuki Furuhashi
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: msgpack
|