RubyGems - logstash_auditor - Versions diffs - 1.1.0 → 1.1.1 - Mend

logstash_auditor 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/Dockerfile +10 -0
data/README.md +28 -17
data/docker-compose-isolated.yml +21 -0
data/docker-compose.yml +28 -0
data/lib/logstash_auditor/version.rb +1 -1
data/logstash_auditor.gemspec +1 -0
data/retry.sh +23 -0
data/sanity/sanity.rb +1 -1
metadata +21 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2ab15fbb437df572cc228b13e35469d7a2800946
-  data.tar.gz: c8078a1bfc77a5c22d55f8ab544831392d3a3799
+  metadata.gz: cf167e8f8c9c9fa493029eb5e3ac225f881bf02b
+  data.tar.gz: 7d90420e878b53fbf68401d8d59a98156c63019b
 SHA512:
-  metadata.gz: cce478ec437587c1a5bcff5214f96e52bd207037289fb21d01402a4f0a781200bb62647d09b693ad08c65e61ba68a9b3ce288519d9ddc0305c3f3f08cc95ca0f
-  data.tar.gz: e961399424d11bc91aad6b8216e2deed082148179f31b8d87f7a404f5b9709294d074380247e703652e5f0d52789667630e7e461714ca5015e11a9ed62cbbcef
+  metadata.gz: 303aedb8e9b885c357a381628b76b575ed10742973437de563cbb2a3078eddc46de7e52daa04a7c788a41bcae477f32823921bb27014b702cba200e2ec56b179
+  data.tar.gz: cc271f17337a7a4e48d31c4fdfc3cdec7a4b8963771d1c1615eadfa0f75ca2927e51f4da372369c4b94b9df7550552852a03cc279938c8e64850dcd49ed551b1

data/Dockerfile ADDED

@@ -0,0 +1,10 @@
+FROM ruby:2.3.0
+WORKDIR /usr/local/src/
+ADD . /usr/local/src/
+RUN cd /usr/local/src/
+RUN gem install bundler
+RUN bundle install
+CMD bundle exec rspec -cfd spec/*

data/README.md CHANGED

@@ -32,6 +32,25 @@ Or install it yourself as:
 The logstash server must be configured using the configuration in the folder spec/support/logstash_conf.d and spec/support/certificates.
 This configuration is used by the docker image during the TDD tests which ensures that this gem and the server configuration is compatible.
+## Testing for CI purposes
+```bash
+#!/bin/bash
+./spec/support/certificates/setup_certificates_for_logstash_testing.sh
+source retry.sh
+export UID
+retry 3 docker-compose down
+retry 3 docker-compose build --force-rm --no-cache
+set -e
+retry 3 docker-compose -f docker-compose-isolated.yml run --rm test
+EXIT_CODE=$?
+set +e
+docker-compose down
+exit $EXIT_CODE
+```
 ## Testing
 Behavioural driven testing can be performed by testing against a local ELK docker image.
@@ -42,31 +61,23 @@ First you need to generate the certificates needed for authenticating the client
   ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
 ```
-Start a docker container with the ELK stack:
+Then perform the tests:
 ```bash
-  docker run -d --name elk_test_service -v $(pwd)/spec/support/logstash_conf.d:/etc/logstash/conf.d -v $(pwd)/spec/support/certificates:/etc/logstash/certs -p 9300:9300 -p 9200:9200 -p 5000:5000 -p 5044:5044 -p 5601:5601 -p 8081:8080 sebp/elk:es234_l234_k453
-```
-Wait about 30 seconds for image to fire up. Then perform the tests:
-```bash
-  bundle exec rspec -cfd spec/*
+./spec/support/certificates/setup_certificates_for_logstash_testing.sh
+export UID
+docker-compose down
+docker-compose build --force-rm --no-cache
+docker-compose -f docker-compose-isolated.yml run --rm test
+docker-compose down
 ```
 Note that in order to ensure that the processing has occurred on Elastic Search
 there is a 2 second delay between each event submission request and the search request
-Debugging the docker image:
-```bash
-  docker exec -it elk_test_service bash
-  docker stop elk_test_service
-  docker rm -f elk_test_service
-```
 Manual sending of an audit event to docker ELK stack:
 ```bash
-  curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8081 -d "message=soar_logstash_test" --insecure
+  curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8080 -d "{\"audit_message\":\"bla\",\"audit_something_else\":\"foo\"}" --insecure
 ```
 View the audit events created on the Kibana interface:
@@ -82,7 +93,7 @@ Initialize and configure the auditor so:
 ```ruby
 @iut = LogstashAuditor::LogstashAuditor.new
 @logstash_configuration =
-{ "host_url" => "http://localhost:8081",
+{ "host_url" => "http://localhost:8080",
   "username" => "auditorusername",
   "password" => "auditorpassword",
   "timeout"  => 3}

data/docker-compose-isolated.yml ADDED

@@ -0,0 +1,21 @@
+version: '2.0'
+services:
+  elk_test_service:
+    image: sebp/elk:es234_l234_k453
+    expose:
+      - "9300"
+      - "9200"
+      - "5000"
+      - "5044"
+      - "5601"
+      - "8080"
+    volumes:
+      - ./spec/support/logstash_conf.d:/etc/logstash/conf.d
+      - ./spec/support/certificates:/etc/logstash/certs
+  test:
+    build: .
+    command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd spec/*'
+    volumes:
+      - .:/usr/local/src/
+    links:
+      - elk_test_service

data/docker-compose.yml ADDED

@@ -0,0 +1,28 @@
+version: '2.0'
+services:
+  elk_test_service:
+    image: sebp/elk:es234_l234_k453
+    expose:
+      - "9300"
+      - "9200"
+      - "5000"
+      - "5044"
+      - "5601"
+      - "8080"
+    ports:
+      - "9300:9300"
+      - "9200:9200"
+      - "5000:5000"
+      - "5044:5044"
+      - "5601:5601"
+      - "8080:8080"
+    volumes:
+      - ./spec/support/logstash_conf.d:/etc/logstash/conf.d
+      - ./spec/support/certificates:/etc/logstash/certs
+  test:
+    build: .
+    command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd spec/*'
+    volumes:
+      - .:/usr/local/src/
+    links:
+      - elk_test_service

data/lib/logstash_auditor/version.rb CHANGED

@@ -1,3 +1,3 @@
 module LogstashAuditor
-  VERSION = "1.1.0"
+  VERSION = "1.1.1"
 end

data/logstash_auditor.gemspec CHANGED

@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "byebug", "~> 9"
   spec.add_development_dependency "elasticsearch", "~> 1"
   spec.add_development_dependency "soar_auditing_format", "~> 0.0.5"
+  spec.add_development_dependency "soar_json_auditing_format", "~> 0.0.2"
   spec.add_dependency "http", "~> 2"
   spec.add_dependency "soar_auditor_api", "~> 1.0"

data/retry.sh ADDED

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Retries a command on failure.
+# $1 - the max number of attempts
+# $2... - the command to run
+retry() {
+    local -r -i max_attempts="$1"; shift
+    local -r cmd="$@"
+    local -i attempt_num=1
+    local -i cmd_exit_code=0
+    until eval $cmd
+    do
+        cmd_exit_code=$?
+        if (( attempt_num == max_attempts ))
+        then
+            echo "Attempt $attempt_num failed with code $cmd_exit_code and there are no more attempts left!"
+            exit $cmd_exit_code
+        else
+            echo "Attempt $attempt_num failed with code $cmd_exit_code! Trying again in $attempt_num seconds..."
+            sleep $(( attempt_num++ ))
+        fi
+    done
+}

data/sanity/sanity.rb CHANGED

@@ -6,7 +6,7 @@ require 'securerandom'
 class Main
   def test_sanity
     @iut = LogstashAuditor::LogstashAuditor.new
-    @logstash_configuration = { "host_url"    => "https://localhost:8081",
+    @logstash_configuration = { "host_url"    => "https://localhost:8080",
                                 "certificate"  => File.read("../spec/support/certificates/selfsigned/selfsigned_registered.cert.pem"),
                                 "private_key" => File.read("../spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem"),
                                 "timeout"     => 3}

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash_auditor
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-02-07 00:00:00.000000000 Z
+date: 2017-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.0.5
+- !ruby/object:Gem::Dependency
+  name: soar_json_auditing_format
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.2
 - !ruby/object:Gem::Dependency
   name: http
   requirement: !ruby/object:Gem::Requirement
@@ -134,16 +148,20 @@ files:
 - ".rspec"
 - ".ruby-gemset"
 - ".ruby-version"
+- Dockerfile
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
+- docker-compose-isolated.yml
+- docker-compose.yml
 - lib/logstash_auditor.rb
 - lib/logstash_auditor/auditor.rb
 - lib/logstash_auditor/version.rb
 - logstash_auditor.gemspec
+- retry.sh
 - sanity/.ruby-gemset
 - sanity/.ruby-version
 - sanity/Gemfile
@@ -168,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Logstash implementation of SOAR architecture auditing