logstash-filter-cipher_kms 0.1.2 → 0.1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/filters/cipher_kms.rb +16 -7
  3. data/logstash-filter-cipher_kms.gemspec +1 -1
  4. data/spec/filters/cipher_kms_spec.rb +9 -3
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ed89b14bf1cc7071f46c6b032418964fbbba986bce93223c43834767ffb2015c
4
- data.tar.gz: 8b606cdb81cd8a4cdc3e4dac878c84b8e03abb7ede4f49c5f2392b5c13182b36
3
+ metadata.gz: 4c989e3557976e3787785dceea661541b8f868d51e47c69235a231523eead501
4
+ data.tar.gz: f13d8829089f66c19a6e55ccaa57c3d99f2ac5474585c5d26ed27e0b96e09d2b
5
5
  SHA512:
6
- metadata.gz: c20c24d7da265edda22c83b236583b8b90aa3b0b413494779bb5881f470d1ba38190705198337abcfb030f67f3af4b991cba747cae26a12e3e4fad0eab27376f
7
- data.tar.gz: 8a74e1042d7a8e802d6512f2561a37b63c960cfe135cd203374c9084122c31a465951a704b4170c3fb527ccf7efc0165416c4621947a33e1ec07fc2d47b9125a
6
+ metadata.gz: 87b41c4c8b27655ad5d41617178068ab1737114567fbff767526ad0c15f592c3af6e86cfecc219455a0d7e57ab5619e9fae4dfc5601969e3b8e4de46b9f6eace
7
+ data.tar.gz: 6eb778dc69cf5d21c54c4a266e9c38e8de8e3e2a3411624930bd974cf209b188cec36c55809ebd2fda6c53b8d7d8f41779a62e32becfcec0c869c30d862ba6be
data/lib/logstash/filters/cipher_kms.rb CHANGED
@@ -134,8 +134,8 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
134
134
  def filter(event)
135
135
  # If decrypt or encrypt fails, we keep it it intact.
136
136
  begin
137
- if event.get(@source).blank?
138
- @logger.debug("Event to filter, event 'source' field: " + @source + ' was nil or blank, doing nothing.')
137
+ if blank?(event.get(@source))
138
+ @logger.debug("Event to filter, event 'source' field: " + @source + ' was nil or empty, doing nothing.')
139
139
  return
140
140
  end
141
141
 
@@ -156,14 +156,18 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
156
156
  filter_matched(event)
157
157
  end
158
158
  rescue => e
159
- @logger.warn('Exception caught on cipher filter', event: event, error: e)
160
- # force a re-initialize on error to be safe
161
- init_cipher
159
+ handle_unexpected_error(event, e)
162
160
  ensure
163
161
  rotate_cipher_if_needed
164
162
  end
165
163
  end
166
164
 
165
+ def handle_unexpected_error(event, error)
166
+ @logger.warn('Exception caught on cipher filter', event: event, error: error)
167
+ # force a re-initialize on error to be safe
168
+ init_cipher
169
+ end
170
+
167
171
  def encrypt(data)
168
172
  @random_iv = OpenSSL::Random.random_bytes(@iv_random_length)
169
173
  kms_response = @kms.generate_data_key(key_id: @key_id, key_spec: @algorithm,
@@ -224,10 +228,10 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
224
228
  @logger.debug('Encryption Context: ' + @encryption_context.to_s, plugin: self.class.name)
225
229
 
226
230
  credentials = nil
227
- if !@access_key_id.blank? && !@secret_access_key.blank?
231
+ if !blank?(@access_key_id) && !blank?(@secret_access_key)
228
232
  credentials = Aws::Credentials.new(@access_key_id, @secret_access_key)
229
233
  @logger.debug('Using Static Credentials', plugin: self.class.name)
230
- elsif !@aws_shared_credentials_path.blank? || !@aws_profile.blank?
234
+ elsif !blank?(@aws_shared_credentials_path) || !blank?(@aws_profile.blank)
231
235
  credentials = Aws::SharedCredentials.new(path: @aws_shared_credentials_path, profile_name: @aws_profile)
232
236
  @logger.debug('Using Shared Credentials', plugin: self.class.name)
233
237
  elsif @aws_instance_profile
@@ -276,4 +280,9 @@ class LogStash::Filters::CipherKms < LogStash::Filters::Base
276
280
  true
277
281
  end
278
282
 
283
+ private
284
+
285
+ def blank?(data)
286
+ data.nil? || data.empty?
287
+ end
279
288
  end
data/logstash-filter-cipher_kms.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'logstash-filter-cipher_kms'
5
- s.version = '0.1.2'
5
+ s.version = '0.1.3'
6
6
  s.licenses = ['Apache License (2.0)']
7
7
  s.summary = 'This is a Logstash plugin to allow data
8
8
  encryption/decryption using AWS KMS.'
data/spec/filters/cipher_kms_spec.rb CHANGED
@@ -137,8 +137,14 @@ describe LogStash::Filters::CipherKms do
137
137
  'kms_cmk_id' => 'arn:aws:kms:eu-west-1:666666666666:alias/kms-key'
138
138
  }
139
139
  )
140
- plain_text = 'foo'
141
- event = LogStash::Event.new(LogStash::Json.load("{\"message\":\"#{plain_text}\"}"))
140
+ msg = {
141
+ message: {
142
+ foo: 'bar'
143
+ }
144
+ }.to_json
145
+
146
+ event = LogStash::Event.new(LogStash::Json.load(msg))
147
+ expect(encrypter).not_to receive(:handle_unexpected_error)
142
148
  encrypter.register
143
149
  decrypter.register
144
150
 
@@ -147,7 +153,7 @@ describe LogStash::Filters::CipherKms do
147
153
  decrypter.filter(event)
148
154
  end
149
155
 
150
- expect(event.get('message')).to eq(plain_text)
156
+ expect(event.get('message')).to eq({ "foo" => "bar" })
151
157
  end
152
158
  end
153
159
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-cipher_kms
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Onfido
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
120
120
  version: '0'
121
121
  requirements: []
122
122
  rubyforge_project:
123
- rubygems_version: 2.6.13
123
+ rubygems_version: 2.6.11
124
124
  signing_key:
125
125
  specification_version: 4
126
126
  summary: This is a Logstash plugin to allow data encryption/decryption using AWS KMS.