logstash-filter-prune 3.0.3 → 3.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: deb0d52cec628b048467fbf821157a697bfcdc67c1cd6db110eb2c378c1238e1
-  data.tar.gz: 4fb0c6fb2f5a5fc4deb5cf3deaccc6bc073c8d06f103f04a695c4d3109990adf
+  metadata.gz: 28e7aa1f366437289ce58f0efe100c88d183e700cbd31c4410281e86297a652b
+  data.tar.gz: c1694004e92a1fdb785f5c097c0a5d32be6635fdf14d7babb839f82a2fd0e6cc
 SHA512:
-  metadata.gz: 2e4a0b10cc6a30e2b458bd7707d91c1a53f46426e537dea284cb9be6c5e33a3cbd53f4eddc832bcdcfad00e828df7e2517c7652e314e47ec9dc8b149582dd28a
-  data.tar.gz: faa92faab71601ceef5e7dee03f73c6170d3275929e44dd88f0d7569449908400228525a23205ba8cd924bfd072246014c759374c8703947c6f0d46f409e6cfb
+  metadata.gz: c94b68626810f30c9064b5a0adb06d18cd7453c61bb0bb6ed1e3ba0d7c856311a52cc69825224b12fecc1422f0412b94d8dee47d7277b83ce81c0f7a7f3d6913
+  data.tar.gz: f06d4af667368912eed28d90f38a49c928036fe5e41ad8c1c2771b6f2f7f571b033cde42fc0a26a7bbc310ac11c379b1a45bf708ab8b77a9e52eb1f8e2e23c00

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 3.0.4
+  - Fixed regex to prevent Exception in sprintf call [#25](https://github.com/logstash-plugins/logstash-filter-prune/pull/25)
+  - Changed testing to docker [#27](https://github.com/logstash-plugins/logstash-filter-prune/pull/27)
+  - Added clarification in docs around whitelist_values
+  - Changed tests from insist to expect
+
 ## 3.0.3
   - Update gemspec summary
 

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
+Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/docs/index.asciidoc

@@ -24,8 +24,8 @@ The prune filter is for removing fields from events based on
 whitelists or blacklist of field names or their values (names and
 values can also be regular expressions).
 
-This can e.g. be useful if you have a <<plugins-filters-json,json>>
-or <<plugins-filters-kv,kv>> filter that creates a number of fields
+This can e.g. be useful if you have a {logstash-ref}/plugins-filters-json.html[json]
+or {logstash-ref}/plugins-filters-kv.html[kv] filter that creates a number of fields
 with names that you don't necessarily know the names of beforehand,
 and you only want to keep a subset of them.
 
@@ -139,6 +139,7 @@ Include only fields only if their names match specified regexps, default to empt
 
 Include specified fields only if their values match one of the supplied regular expressions.
 In case field values are arrays, each array item is matched against the regular expressions and only matching array items will be included.
+By default all fields that are not listed in this setting are kept unless pruned by other settings.
 [source,ruby]
     filter {
       prune {
@@ -151,4 +152,4 @@ In case field values are arrays, each array item is matched against the regular
 
 
 [id="plugins-{type}s-{plugin}-common-options"]
-include::{include_path}/{type}.asciidoc[]
+include::{include_path}/{type}.asciidoc[]

data/lib/logstash/filters/prune.rb

@@ -63,7 +63,7 @@ class LogStash::Filters::Prune < LogStash::Filters::Base
   #         blacklist_names => [ "method", "(referrer|status)", "${some}_field" ]
   #       }
   #     }
-  config :blacklist_names, :validate => :array, :default => [ "%\{[^}]+\}" ]
+  config :blacklist_names, :validate => :array, :default => [ "%\\{[^}]+\\}" ]
 
   # Include specified fields only if their values match one of the supplied regular expressions.
   # In case field values are arrays, each array item is matched against the regular expressions and only matching array items will be included.

data/logstash-filter-prune.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-prune'
-  s.version         = '3.0.3'
+  s.version         = '3.0.4'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Prunes event data based on a list of fields to blacklist or whitelist"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/prune_spec.rb

@@ -6,18 +6,11 @@ require "logstash/filters/prune"
 #
 # See the 'whitelist field values with interpolation' test for a commented
 # explanation of my confusion.
-describe LogStash::Filters::Prune, :if => false  do
-  
-
-  describe "defaults" do
-
-    config <<-CONFIG
-      filter {
-        prune { }
-      }
-    CONFIG
-
-    sample(
+describe LogStash::Filters::Prune do
+  subject { described_class.new(config) }
+  let(:config) { {} }
+  let(:event_data) do
+    {
       "firstname"    => "Borat",
       "lastname"     => "Sagdiyev",
       "fullname"     => "Borat Sagdiyev",
@@ -26,416 +19,264 @@ describe LogStash::Filters::Prune, :if => false  do
       "hobby"        => "Cloud",
       "status"       => "200",
       "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == "Borat"
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == "Borat Sagdiyev"
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == "Somethere in Kazakhstan"
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == "200"
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-      insist { subject.get("%{hmm}") } == nil
-    end
+    }
   end
 
-  describe "whitelist field names" do
+  let(:event) { LogStash::Event.new(event_data) }
 
-    config <<-CONFIG
-      filter {
-        prune {
-          whitelist_names => [ "firstname", "(hobby|status)", "%{firstname}_saying" ]
-        }
-      }
-    CONFIG
+  before(:each) do
+    subject.register
+    subject.filter(event)
+  end
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == "Borat"
-      insist { subject.get("lastname") } == nil
-      insist { subject.get("fullname") } == nil
-      insist { subject.get("country") } == nil
-      insist { subject.get("location") } == nil
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == "200"
-      insist { subject.get("Borat_saying") } == nil
-      insist { subject.get("%{hmm}") } == nil
+  describe "default behaviour" do
+    it "retains all fields since whiteliste_names is empty" do
+      expect(event.to_hash.keys).to include(*event_data.keys)
+    end
+    describe "blacklist_names" do
+      let(:event_data) { super.merge("%{hmm}" => "doh") }
+      it "drops unresolved field references" do
+        expect(event.get("%{hmm}")).to be_nil
+      end
     end
   end
 
-  describe "whitelist field names with interpolation" do
+  describe "whitelist_names" do
 
-    config <<-CONFIG
-      filter {
-        prune {
-          whitelist_names => [ "firstname", "(hobby|status)", "%{firstname}_saying" ]
-          interpolate     => true
-        }
-      }
-    CONFIG
-
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == "Borat"
-      insist { subject.get("lastname") } == nil
-      insist { subject.get("fullname") } == nil
-      insist { subject.get("country") } == nil
-      insist { subject.get("location") } == nil
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == "200"
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-      insist { subject.get("%{hmm}") } == nil
+    let(:config) do
+      { "whitelist_names" => [ "firstname", "(hobby|status)", "%{firstname}_saying" ] }
     end
-  end
 
-  describe "blacklist field names" do
-
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_names => [ "firstname", "(hobby|status)", "%{firstname}_saying" ]
-        }
-      }
-    CONFIG
+    it "keeps fields in the list" do
+      expect(event.get("firstname")).to eq("Borat")
+      expect(event.get("hobby")).to eq("Cloud")
+      expect(event.get("status")).to eq("200")
+    end
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == nil
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == "Borat Sagdiyev"
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == "Somethere in Kazakhstan"
-      insist { subject.get("hobby") } == nil
-      insist { subject.get("status") } == nil
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-      insist { subject.get("%{hmm}") } == "doh"
+    it "drops fields not described in the whitelist" do
+      expect(event.get("lastname")).to be_nil
+      expect(event.get("fullname")).to be_nil
+      expect(event.get("country")).to be_nil
+      expect(event.get("location")).to be_nil
+      expect(event.get("Borat_saying")).to be_nil
+      expect(event.get("%{hmm}")).to be_nil
     end
-  end
 
-  describe "blacklist field names with interpolation" do
+    context "with interpolation" do
 
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_names => [ "firstname", "(hobby|status)", "%{firstname}_saying" ]
-          interpolate     => true
+      let(:config) do
+        {
+          "whitelist_names" => [ "firstname", "%{firstname}_saying" ],
+          "interpolate" => true
         }
-      }
-    CONFIG
+      end
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == nil
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == "Borat Sagdiyev"
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == "Somethere in Kazakhstan"
-      insist { subject.get("hobby") } == nil
-      insist { subject.get("status") } == nil
-      insist { subject.get("Borat_saying") } == nil
-      insist { subject.get("%{hmm}") } == "doh"
+      it "retains fields that match after interpolation" do
+        expect(event.get("firstname")).to eq("Borat")
+        expect(event.get("Borat_saying")).to eq("Cloud is not ready for enterprise if is not integrate with single server running Active Directory.")
+      end
     end
   end
 
-  describe "whitelist field values" do
-
-    config <<-CONFIG
-      filter {
-        prune {
-          # This should only  permit fields named 'firstname', 'fullname',
-          # 'location', 'status', etc.
-          whitelist_values => [ "firstname", "^Borat$",
-                                "fullname", "%{firstname} Sagdiyev",
-                                "location", "no no no",
-                                "status", "^2",
-                                "%{firstname}_saying", "%{hobby}.*Active" ]
-        }
-      }
-    CONFIG
+  describe "blacklist_names" do
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == "Borat"
-
-      # TODO(sissel): According to the config above, this should be nil because
-      # it is not in the list of whitelisted fields, but we expect it to be
-      # "Sagdiyev" ? I am confused.
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == nil
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == nil
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == "200"
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-
-      # TODO(sissel): Contrary to the 'lastname' check, we expect %{hmm} field
-      # to be nil because it is not whitelisted, yes? Contradictory insists
-      # here. I don't know what the intended behavior is... Seems like
-      # whitelist means 'anything not here' but since this test is written
-      # confusingly, I dont' know how to move forward.
-      insist { subject.get("%{hmm}") } == nil
+    let(:config) do
+      { "blacklist_names" => [ "firstname", "(hobby|status)", "%{firstname}_saying" ] }
     end
-  end
 
-  describe "whitelist field values with interpolation" do
-
-    config <<-CONFIG
-      filter {
-        prune {
-          whitelist_values => [ "firstname", "^Borat$",
-                                "fullname", "%{firstname} Sagdiyev",
-                                "location", "no no no",
-                                "status", "^2",
-                                "%{firstname}_saying", "%{hobby}.*Active" ]
-          interpolate      => true
-        }
-      }
-    CONFIG
+    it "drops fields in the list" do
+      expect(event.get("firstname")).to eq(nil)
+      expect(event.get("hobby")).to eq(nil)
+      expect(event.get("status")).to eq(nil)
+    end
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == "Borat"
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == "Borat Sagdiyev"
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == nil
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == "200"
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-      insist { subject.get("%{hmm}") } == nil
+    it "keeps the remaining fields" do
+      expect(event.get("lastname")).to eq("Sagdiyev")
+      expect(event.get("fullname")).to eq("Borat Sagdiyev")
+      expect(event.get("country")).to eq("Kazakhstan")
+      expect(event.get("location")).to eq("Somethere in Kazakhstan")
+      expect(event.get("Borat_saying")).to eq("Cloud is not ready for enterprise if is not integrate with single server running Active Directory.")
     end
-  end
 
-  describe "blacklist field values" do
+    context "if there are non resolved field references" do
+      let(:event_data) { super.merge("%{hmm}" => "doh") }
+      it "also drops them" do
+        expect(event.get("%{hmm}")).to eq("doh")
+      end
+    end
+    context "with interpolation" do
 
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_values => [ "firstname", "^Borat$",
-                                "fullname", "%{firstname} Sagdiyev",
-                                "location", "no no no",
-                                "status", "^2",
-                                "%{firstname}_saying", "%{hobby}.*Active" ]
-        }
-      }
-    CONFIG
+      let(:config) { super.merge("interpolate" => true) }
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == nil
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == "Borat Sagdiyev"
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == "Somethere in Kazakhstan"
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == nil
-      insist { subject.get("Borat_saying") } == "Cloud is not ready for enterprise if is not integrate with single server running Active Directory."
-      insist { subject.get("%{hmm}") } == nil
+      it "drops fields after interpolation" do
+        expect(event.get("Borat_saying")).to be_nil
+      end
     end
   end
-
-  describe "blacklist field values with interpolation" do
-
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_values => [ "firstname", "^Borat$",
-                                "fullname", "%{firstname} Sagdiyev",
-                                "location", "no no no",
-                                "status", "^2",
-                                "%{firstname}_saying", "%{hobby}.*Active" ]
-          interpolate      => true
+  describe "whitelist_values" do
+
+    let(:config) do
+      {
+        # This should only  permit fields named 'firstname', 'fullname',
+        # 'location', 'status', etc.
+        "whitelist_values" => {
+          "firstname" => "^Borat$",
+          "fullname" => "%{firstname} Sagdiyev",
+          "location" => "no no no",
+          "status" => "^2",
+          "%{firstname}_saying" => "%{hobby}.*Active"
         }
       }
-    CONFIG
+    end
 
-    sample(
-      "firstname"    => "Borat",
-      "lastname"     => "Sagdiyev",
-      "fullname"     => "Borat Sagdiyev",
-      "country"      => "Kazakhstan",
-      "location"     => "Somethere in Kazakhstan",
-      "hobby"        => "Cloud",
-      "status"       => "200",
-      "Borat_saying" => "Cloud is not ready for enterprise if is not integrate with single server running Active Directory.",
-      "%{hmm}"       => "doh"
-    ) do
-      insist { subject.get("firstname") } == nil
-      insist { subject.get("lastname") } == "Sagdiyev"
-      insist { subject.get("fullname") } == nil
-      insist { subject.get("country") } == "Kazakhstan"
-      insist { subject.get("location") } == "Somethere in Kazakhstan"
-      insist { subject.get("hobby") } == "Cloud"
-      insist { subject.get("status") } == nil
-      insist { subject.get("Borat_saying") } == nil
-      insist { subject.get("%{hmm}") } == nil
+    it "keeps fields in the whitelist if the value matches" do
+      expect(event.get("firstname")).to eq("Borat")
+      expect(event.get("status")).to eq("200")
     end
-  end
 
-  describe "whitelist field values on fields witn array values" do
+    it "drops fields in the whitelist if the value doesn't match" do
+      expect(event.get("fullname")).to be_nil
+      expect(event.get("location")).to be_nil
+    end
+
+    it "include all other fields" do
+      # whitelist_values will only filter configured fields
+      # all others are still governed by the whitelist_names setting
+      # which means they're all kept by default
+      expect(event.get("lastname")).to eq("Sagdiyev")
+      expect(event.get("country")).to eq("Kazakhstan")
+      expect(event.get("hobby")).to eq("Cloud")
+      expect(event.get("Borat_saying")).to eq("Cloud is not ready for enterprise if is not integrate with single server running Active Directory.")
+    end
 
-    config <<-CONFIG
-      filter {
-        prune {
-          whitelist_values => [ "status", "^(1|2|3)",
-                                "xxx", "3",
-                                "error", "%{blah}" ]
+    context "with interpolation" do
+
+      let(:config) do
+        {
+          "whitelist_values" => {
+            "firstname" => "^Borat$",
+            "fullname" => "%{firstname} Sagdiyev",
+            "location" => "no no no",
+            "status" => "^2",
+            "%{firstname}_saying" => "%{hobby}.*Active"
+          },
+          "interpolate" => true
         }
-      }
-    CONFIG
-
-    sample(
-      "blah"   => "foo",
-      "xxx" => [ "1 2 3", "3 4 5" ],
-      "status" => [ "100", "200", "300", "400", "500" ],
-      "error"  => [ "This is foolish" , "Need smthing smart too" ]
-    ) do
-      insist { subject.get("blah") } == "foo"
-      insist { subject.get("error") } == nil
-      insist { subject.get("xxx") } == [ "1 2 3", "3 4 5" ]
-      insist { subject.get("status") } == [ "100", "200", "300" ]
+      end
+      let(:event_data) { super.merge("%{hmm}" => "doh") }
+      it "keeps field values after interpolation" do
+        expect(event.get("fullname")).to eq("Borat Sagdiyev")
+        expect(event.get("Borat_saying")).to eq("Cloud is not ready for enterprise if is not integrate with single server running Active Directory.")
+      end
+    end
+    context "with array values" do
+
+      let(:config) do
+        {
+          "whitelist_values" => {
+            "status" => "^(1|2|3)",
+            "xxx" => "3",
+            "error" => "%{blah}"
+          }
+        }
+      end
+
+      let(:event_data) do
+        {
+          "blah"   => "foo",
+          "xxx" => [ "1 2 3", "3 4 5" ],
+          "status" => [ "100", "200", "300", "400", "500" ],
+          "error"  => [ "This is foolish" , "Need smthing smart too" ]
+        }
+      end
+
+      it "drops fields if no value matches" do
+        expect(event.get("error")).to eq(nil)
+      end
+
+      it "keeps only elements that match" do
+        expect(event.get("status")).to eq([ "100", "200", "300" ])
+      end
+
+      it "keeps values intact if they all match" do
+        expect(event.get("xxx")).to eq([ "1 2 3", "3 4 5" ])
+      end
+      context "with interpolation" do
+        let(:config) { super.merge("interpolate" => true) }
+        it "keeps values that match after interpolation" do
+          expect(event.get("error")).to eq([ "This is foolish" ])
+        end
+      end
     end
   end
 
-  describe "blacklist field values on fields witn array values" do
+  describe "blacklist_values" do
 
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_values => [ "status", "^(1|2|3)",
-                                "xxx", "3",
-                                "error", "%{blah}" ]
+    let(:config) do
+      {
+        "blacklist_values" => {
+          "firstname" => "^Borat$",
+          "fullname" => "%{firstname} Sagdiyev",
+          "location" => "no no no",
+          "status" => "^2",
+          "%{firstname}_saying" => "%{hobby}.*Active"
         }
       }
-    CONFIG
-
-    sample(
-      "blah"   => "foo",
-      "xxx" => [ "1 2 3", "3 4 5" ],
-      "status" => [ "100", "200", "300", "400", "500" ],
-      "error"  => [ "This is foolish", "Need smthing smart too" ]
-    ) do
-      insist { subject.get("blah") } == "foo"
-      insist { subject.get("error") } == [ "This is foolish", "Need smthing smart too" ]
-      insist { subject.get("xxx") } == nil
-      insist { subject.get("status") } == [ "400", "500" ]
     end
-  end
 
-  describe "whitelist field values with interpolation on fields witn array values" do
+    it "drops fields that match the values" do
+      expect(event.get("firstname")).to eq(nil)
+      expect(event.get("status")).to eq(nil)
+    end
 
-    config <<-CONFIG
-      filter {
-        prune {
-          whitelist_values => [ "status", "^(1|2|3)",
-                                "xxx", "3",
-                                "error", "%{blah}" ]
-          interpolate      => true
-        }
-      }
-    CONFIG
-
-    sample(
-      "blah"   => "foo",
-      "xxx" => [ "1 2 3", "3 4 5" ],
-      "status" => [ "100", "200", "300", "400", "500" ],
-      "error"  => [ "This is foolish" , "Need smthing smart too" ]
-    ) do
-      insist { subject.get("blah") } == "foo"
-      insist { subject.get("error") } == [ "This is foolish" ]
-      insist { subject.get("xxx") } == [ "1 2 3", "3 4 5" ]
-      insist { subject.get("status") } == [ "100", "200", "300" ]
+    it "keeps fields that don't match the values" do
+      expect(event.get("fullname")).to eq("Borat Sagdiyev")
+      expect(event.get("location")).to eq("Somethere in Kazakhstan")
     end
-  end
 
-  describe "blacklist field values with interpolation on fields witn array values" do
+    context "with interpolation" do
 
-    config <<-CONFIG
-      filter {
-        prune {
-          blacklist_values => [ "status", "^(1|2|3)",
-                                "xxx", "3",
-                                "error", "%{blah}" ]
-          interpolate      => true
+      let(:config) { super.merge("interpolate" => true) }
+
+      it "drops fields that match after interpolation" do
+        expect(event.get("fullname")).to eq(nil)
+        expect(event.get("Borat_saying")).to eq(nil)
+      end
+    end
+    context "with array values" do
+
+      let(:config) do
+        {
+          "blacklist_values" => {
+            "status" => "^(1|2|3)",
+            "xxx" => "3",
+            "error" => "%{blah}"
+          }
         }
-      }
-    CONFIG
-
-    sample(
-      "blah"   => "foo",
-      "xxx" => [ "1 2 3", "3 4 5" ],
-      "status" => [ "100", "200", "300", "400", "500" ],
-      "error"  => [ "This is foolish" , "Need smthing smart too" ]
-    ) do
-      insist { subject.get("blah") } == "foo"
-      insist { subject.get("error") } == [ "Need smthing smart too" ]
-      insist { subject.get("xxx") } == nil
-      insist { subject.get("status") } == [ "400", "500" ]
+      end
+      let(:event_data) do
+        {
+          "blah"   => "foo",
+          "xxx" => [ "1 2 3", "3 4 5" ],
+          "status" => [ "100", "200", "300", "400", "500" ],
+          "error"  => [ "This is foolish", "Need smthing smart too" ]
+        }
+      end
+      it "drops fields if no elements match" do
+        expect(event.get("xxx")).to eq(nil)
+      end
+
+      it "keeps values that don't match" do
+        expect(event.get("error")).to eq([ "This is foolish", "Need smthing smart too" ])
+        expect(event.get("status")).to eq([ "400", "500" ])
+      end
+
+      context "with interpolation" do
+        let(:config) { super.merge("interpolate" => true) }
+        it "drops values that match after interpolation" do
+          expect(event.get("error")).to eq([ "Need smthing smart too" ])
+        end
+      end
     end
   end
-
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-prune
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.0.4
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-07 00:00:00.000000000 Z
+date: 2019-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: Prunes event data based on a list of fields to blacklist or whitelist