logstash-filter-cipher_kms 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/filters/cipher_kms.rb +16 -7
  3. data/logstash-filter-cipher_kms.gemspec +1 -1
  4. data/spec/filters/cipher_kms_spec.rb +9 -3
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ed89b14bf1cc7071f46c6b032418964fbbba986bce93223c43834767ffb2015c
4
- data.tar.gz: 8b606cdb81cd8a4cdc3e4dac878c84b8e03abb7ede4f49c5f2392b5c13182b36
3
+ metadata.gz: 4c989e3557976e3787785dceea661541b8f868d51e47c69235a231523eead501
4
+ data.tar.gz: f13d8829089f66c19a6e55ccaa57c3d99f2ac5474585c5d26ed27e0b96e09d2b
5
5
  SHA512:
6
- metadata.gz: c20c24d7da265edda22c83b236583b8b90aa3b0b413494779bb5881f470d1ba38190705198337abcfb030f67f3af4b991cba747cae26a12e3e4fad0eab27376f
7
- data.tar.gz: 8a74e1042d7a8e802d6512f2561a37b63c960cfe135cd203374c9084122c31a465951a704b4170c3fb527ccf7efc0165416c4621947a33e1ec07fc2d47b9125a
6
+ metadata.gz: 87b41c4c8b27655ad5d41617178068ab1737114567fbff767526ad0c15f592c3af6e86cfecc219455a0d7e57ab5619e9fae4dfc5601969e3b8e4de46b9f6eace
7
+ data.tar.gz: 6eb778dc69cf5d21c54c4a266e9c38e8de8e3e2a3411624930bd974cf209b188cec36c55809ebd2fda6c53b8d7d8f41779a62e32becfcec0c869c30d862ba6be
data/lib/logstash/filters/cipher_kms.rb CHANGED
@@ -134,8 +134,8 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
134
134
  def filter(event)
135
135
  # If decrypt or encrypt fails, we keep it it intact.
136
136
  begin
137
- if event.get(@source).blank?
138
- @logger.debug("Event to filter, event 'source' field: " + @source + ' was nil or blank, doing nothing.')
137
+ if blank?(event.get(@source))
138
+ @logger.debug("Event to filter, event 'source' field: " + @source + ' was nil or empty, doing nothing.')
139
139
  return
140
140
  end
141
141
 
@@ -156,14 +156,18 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
156
156
  filter_matched(event)
157
157
  end
158
158
  rescue => e
159
- @logger.warn('Exception caught on cipher filter', event: event, error: e)
160
- # force a re-initialize on error to be safe
161
- init_cipher
159
+ handle_unexpected_error(event, e)
162
160
  ensure
163
161
  rotate_cipher_if_needed
164
162
  end
165
163
  end
166
164
 
165
+ def handle_unexpected_error(event, error)
166
+ @logger.warn('Exception caught on cipher filter', event: event, error: error)
167
+ # force a re-initialize on error to be safe
168
+ init_cipher
169
+ end
170
+
167
171
  def encrypt(data)
168
172
  @random_iv = OpenSSL::Random.random_bytes(@iv_random_length)
169
173
  kms_response = @kms.generate_data_key(key_id: @key_id, key_spec: @algorithm,
@@ -224,10 +228,10 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
224
228
  @logger.debug('Encryption Context: ' + @encryption_context.to_s, plugin: self.class.name)
225
229
 
226
230
  credentials = nil
227
- if !@access_key_id.blank? && !@secret_access_key.blank?
231
+ if !blank?(@access_key_id) && !blank?(@secret_access_key)
228
232
  credentials = Aws::Credentials.new(@access_key_id, @secret_access_key)
229
233
  @logger.debug('Using Static Credentials', plugin: self.class.name)
230
- elsif !@aws_shared_credentials_path.blank? || !@aws_profile.blank?
234
+ elsif !blank?(@aws_shared_credentials_path) || !blank?(@aws_profile.blank)
231
235
  credentials = Aws::SharedCredentials.new(path: @aws_shared_credentials_path, profile_name: @aws_profile)
232
236
  @logger.debug('Using Shared Credentials', plugin: self.class.name)
233
237
  elsif @aws_instance_profile
@@ -276,4 +280,9 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
276
280
  true
277
281
  end
278
282
 
283
+ private
284
+
285
+ def blank?(data)
286
+ data.nil? || data.empty?
287
+ end
279
288
  end
data/logstash-filter-cipher_kms.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'logstash-filter-cipher_kms'
5
- s.version = '0.1.2'
5
+ s.version = '0.1.3'
6
6
  s.licenses = ['Apache License (2.0)']
7
7
  s.summary = 'This is a Logstash plugin to allow data
8
8
  encryption/decryption using AWS KMS.'
data/spec/filters/cipher_kms_spec.rb CHANGED
@@ -137,8 +137,14 @@ describe LogStash::Filters::CipherKms do
137
137
  'kms_cmk_id' => 'arn:aws:kms:eu-west-1:666666666666:alias/kms-key'
138
138
  }
139
139
  )
140
- plain_text = 'foo'
141
- event = LogStash::Event.new(LogStash::Json.load("{\"message\":\"#{plain_text}\"}"))
140
+ msg = {
141
+ message: {
142
+ foo: 'bar'
143
+ }
144
+ }.to_json
145
+
146
+ event = LogStash::Event.new(LogStash::Json.load(msg))
147
+ expect(encrypter).not_to receive(:handle_unexpected_error)
142
148
  encrypter.register
143
149
  decrypter.register
144
150
 
@@ -147,7 +153,7 @@ describe LogStash::Filters::CipherKms do
147
153
  decrypter.filter(event)
148
154
  end
149
155
 
150
- expect(event.get('message')).to eq(plain_text)
156
+ expect(event.get('message')).to eq({ "foo" => "bar" })
151
157
  end
152
158
  end
153
159
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-cipher_kms
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Onfido
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
120
120
  version: '0'
121
121
  requirements: []
122
122
  rubyforge_project:
123
- rubygems_version: 2.6.13
123
+ rubygems_version: 2.6.11
124
124
  signing_key:
125
125
  specification_version: 4
126
126
  summary: This is a Logstash plugin to allow data encryption/decryption using AWS KMS.