nsq-ruby 1.5.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 382e59adfb6836e6110aa8495e91be67ae04fa4b
-  data.tar.gz: 0cb2761df138f48e1eb790b344b4af6a96ded5d3
+  metadata.gz: 74c7cac5f391e1845369f6589a19a411781bcd5a
+  data.tar.gz: 87bff660b9a046e391cc5535eb05766c23d0ae41
 SHA512:
-  metadata.gz: daeee78b58c442fd6d72dc59ab0cdc411f7a6de847bd7df7ccdf4f19e5ab576d6cbdeba7a3c84ccb8dee15243c5c85e098a057e375e78ce287991b8b22915b1c
-  data.tar.gz: cbe2582b629abfa542615641221f014be6c926f7bd370bd56c158ca6a7c2594839e9e7798dd17f54c6661b10ff38cf6eb2c7a0e206a1735af22f907f2a191ab2
+  metadata.gz: 287c61b256fd4473c43ead39228423044eb936a6823195388488c5e058ae6908833cef0fa62e659afa97ef4606f53501ad521cf9337dca3c56ced373f5eb851b
+  data.tar.gz: 9eeb96b9dab4965e6b2df5910803117119e23b56b98ca3f5d871f7538ac487cac51cb17eb158f38aeaad62b87b35073936268beee9de2c8abcc80fff22e6804e

data/README.md

@@ -60,6 +60,7 @@ The Nsq::Producer constructor takes the following options:
 | `topic`       | Topic to which to publish messages     |                    |
 | `nsqd`        | Host and port of the nsqd instance     | '127.0.0.1:4150'   |
 | `nsqlookupd`  | Use lookupd to automatically discover nsqds |               |
+| `ssl_context` | Optional keys and certificates for TLS connections |        |
 
 For example, if you'd like to publish messages to a single nsqd.
 
@@ -82,6 +83,19 @@ producer = Nsq::Producer.new(
 )
 ```
 
+If you need to connect using SSL/TLS
+
+```Ruby
+producer = Nsq::Producer.new(
+  nsqlookupd: ['1.2.3.4:4161', '6.7.8.9:4161'],
+  topic: 'topic-of-great-esteem',
+  ssl_context: {
+    key: '/path/to/ssl/key.pem',
+    certificate: '/path/to/ssl/certificate.pem'
+  }
+)
+```
+
 
 ### `#write`
 
@@ -149,6 +163,7 @@ producers when you're done with them.
 | `max_in_flight`      | Max number of messages for this consumer to have in flight at a time   | 1 |
 | `discovery_interval` | Seconds between queue discovery via nsqlookupd    | 60.0   |
 | `msg_timeout`        | Milliseconds before nsqd will timeout a message   | 60000  |
+| `ssl_context`        | Optional keys and certificates for TLS connections |       |
 
 
 For example:
@@ -160,7 +175,11 @@ consumer = Nsq::Consumer.new(
   nsqlookupd: ['127.0.0.1:4161', '4.5.6.7:4161'],
   max_in_flight: 100,
   discovery_interval: 30,
-  msg_timeout: 120_000
+  msg_timeout: 120_000,
+  ssl_context: {
+    key: '/path/to/ssl/key.pem',
+    certificate: '/path/to/ssl/certificate.pem'
+  }
 )
 ```
 
@@ -285,11 +304,11 @@ connection timeout support (0.2.29).
 - Discovery via nsqlookupd
 - Automatic reconnection to nsqd
 - Producing to all nsqd instances automatically via nsqlookupd
+- TLS
 
 
 ### Does not support
 
-- TLS
 - Compression
 - Backoff
 - Authentication
@@ -318,16 +337,18 @@ VERBOSE=true rake spec
 ## Is this production ready?
 
 Yes! It's used in several critical parts of our infrastructure at
-[Wistia](http://wistia.com) and currently produces and consumes tens of
+[Wistia](http://wistia.com) and currently produces and consumes hundreds of
 millions of messages a day.
 
 
 ## Authors
 
-- Robby Grossman (@freerobby)
-- Brendan Schwartz (@bschwartz)
-- Marshall Moutenot (@mmoutenot)
-- Danielle Sucher (@DanielleSucher)
+- Robby Grossman ([@freerobby](https://github.com/freerobby))
+- Brendan Schwartz ([@bschwartz](https://github.com/bschwartz))
+- Marshall Moutenot ([@mmoutenot](https://github.com/mmoutenot))
+- Danielle Sucher ([@DanielleSucher](https://github.com/DanielleSucher))
+- Anders Chen ([@chen-anders](https://github.com/chen-anders))
+- Thomas O'Neil ([@alieander](https://github.com/alieander))
 
 
 ## MIT License

data/lib/nsq/client_base.rb

@@ -89,7 +89,8 @@ module Nsq
       host, port = nsqd.split(':')
       connection = Connection.new({
         host: host,
-        port: port
+        port: port,
+        ssl_context: @ssl_context
       }.merge(options))
       @connections[nsqd] = connection
     end

data/lib/nsq/connection.rb

@@ -1,5 +1,6 @@
 require 'json'
 require 'socket'
+require 'openssl'
 require 'timeout'
 
 require_relative 'frames/error'
@@ -24,12 +25,14 @@ module Nsq
 
     def initialize(opts = {})
       @host = opts[:host] || (raise ArgumentError, 'host is required')
-      @port = opts[:port] || (raise ArgumentError, 'host is required')
+      @port = opts[:port] || (raise ArgumentError, 'port is required')
       @queue = opts[:queue]
       @topic = opts[:topic]
       @channel = opts[:channel]
       @msg_timeout = opts[:msg_timeout] || 60_000 # 60s
       @max_in_flight = opts[:max_in_flight] || 1
+      @ssl_context = opts[:ssl_context]
+      validate_ssl_context! if @ssl_context
 
       if @msg_timeout < 1000
         raise ArgumentError, 'msg_timeout cannot be less than 1000. it\'s in milliseconds.'
@@ -146,7 +149,7 @@ module Nsq
         heartbeat_interval: 30_000, # 30 seconds
         output_buffer: 16_000, # 16kb
         output_buffer_timeout: 250, # 250ms
-        tls_v1: false,
+        tls_v1: !!@ssl_context,
         snappy: false,
         deflate: false,
         sample_rate: 0, # disable sampling
@@ -314,6 +317,7 @@ module Nsq
       # it gets to nsqd ahead of anything in the `@write_queue`
       write_to_socket '  V2'
       identify
+      upgrade_to_ssl_socket if @ssl_context
 
       start_read_loop
       start_write_loop
@@ -346,6 +350,23 @@ module Nsq
     end
 
 
+    def upgrade_to_ssl_socket
+      @socket = OpenSSL::SSL::SSLSocket.new(@socket, openssl_context)
+      @socket.connect
+    end
+
+
+    def openssl_context
+      context = OpenSSL::SSL::SSLContext.new
+      context.cert = OpenSSL::X509::Certificate.new(File.open(@ssl_context[:certificate]))
+      context.key = OpenSSL::PKey::RSA.new(File.open(@ssl_context[:key]))
+      if @ssl_context[:ca_certificate]
+        context.ca_file = OpenSSL::X509::Certificate.new(File.open(@ssl_context[:ca_certificate])).to_pem
+      end
+      context
+    end
+
+
     # Retry the supplied block with exponential backoff.
     #
     # Borrowed liberally from:
@@ -398,5 +419,18 @@ module Nsq
     end
 
 
+    def validate_ssl_context!
+      [:key, :certificate].each do |key|
+        unless @ssl_context.has_key?(key)
+          raise ArgumentError.new "ssl_context requires a :#{key}"
+        end
+      end
+
+      [:key, :certificate, :ca_certificate].each do |key|
+        if @ssl_context[key] && !File.readable?(@ssl_context[key])
+          raise LoadError.new "ssl_context :#{key} is unreadable"
+        end
+      end
+    end
   end
 end

data/lib/nsq/consumer.rb

@@ -17,6 +17,7 @@ module Nsq
       @max_in_flight = opts[:max_in_flight] || 1
       @discovery_interval = opts[:discovery_interval] || 60
       @msg_timeout = opts[:msg_timeout]
+      @ssl_context = opts[:ssl_context]
 
       # This is where we queue up the messages we receive from each connection
       @messages = opts[:queue] || Queue.new

data/lib/nsq/producer.rb

@@ -8,6 +8,7 @@ module Nsq
       @connections = {}
       @topic = opts[:topic]
       @discovery_interval = opts[:discovery_interval] || 60
+      @ssl_context = opts[:ssl_context]
 
       nsqlookupds = []
       if opts[:nsqlookupd]

data/lib/version.rb

@@ -1,8 +1,8 @@
 module Nsq
   module Version
     MAJOR = 1
-    MINOR = 5
-    PATCH = 1
+    MINOR = 6
+    PATCH = 0
     BUILD = nil
     STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nsq-ruby
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.6.0
 platform: ruby
 authors:
 - Wistia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-13 00:00:00.000000000 Z
+date: 2016-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler