Merge pull request #16 from HatsuneMiku3939/feature/add-support-self-signed-cert

add suport self-signed cert related options

Author: HatsuneMiku3939

README.md

@@ -112,23 +112,25 @@ You can found more examples in `test/plugin/test_in_http_pull.rb`
 
 ## Configuration
 
-### tag (string) (required)
+### Basic options
+
+#### tag (string) (required)
 
 The tag of the event.
 
-### url (string) (required)
+#### url (string) (required)
 
 The url of remote server.
 
-### agent (string) (optional, default: fluent-plugin-http-pull)
+#### agent (string) (optional, default: fluent-plugin-http-pull)
 
 The user agent string of request.
 
-### interval (time) (required)
+#### interval (time) (required)
 
 The interval time between periodic request.
 
-### format (required)
+#### format (required)
 
 The format of the response body. Due to limitation of current implement it is
 always required regardless `status_only` option.
@@ -137,11 +139,11 @@ always required regardless `status_only` option.
 [parser article](https://docs.fluentd.org/v0.12/articles/parser-plugin-overview)
 for more detail.
 
-### status_only (bool) (optional, default: false)
+#### status_only (bool) (optional, default: false)
 
 If `status_only` is true, body is not parsed.
 
-### http_method (enum) (optional, default: :get)
+###E http_method (enum) (optional, default: :get)
 
 The http request method for each requests. Avaliable options are listed below.
 
@@ -151,30 +153,51 @@ The http request method for each requests. Avaliable options are listed below.
 
 If `status_only` is true, `http_method` was override to `head`
 
-### timeout (time) (optional, default: 10s)
+#### timeout (time) (optional, default: 10s)
 
 The timeout of each request.
 
-### proxy (string) (optional, default: nil)
+### Proxy options`
+
+#### proxy (string) (optional, default: nil)
 
 The HTTP proxy URL to use for each requests
 
-### user (string) (optional, default: nil)
+### Basic auth options
+
+#### user (string) (optional, default: nil)
 
 The user for basic auth
 
-### password (string) (optional, default: nil)
+#### password (string) (optional, default: nil)
 
 The password for basic auth
 
-### response_header (section) (optional, default: nil)
+### Req/Resp header options
+
+#### response_header (section) (optional, default: nil)
 
 The name of response header for capture.
 
-### request_header (section) (optional, default: nil)
+#### request_header (section) (optional, default: nil)
 
 The name, value pair of custom reuqest header.
 
+### SSL options
+
+#### verify_ssl (bool) (optional, default: true)
+
+When false, SSL verification is ignored.
+
+#### ca_path (string) (optional, defualt: nil)
+
+The absolute path of directory where ca_file stored. Should be used with `ca_file`.
+
+#### ca_file (string) (optional, defualt: nil)
+
+The Absolute path of ca_file. Should be used with `ca_path`.
+
+
 ## In case of remote error
 
 ### Can receive response from remote

fluent-plugin-http-pull.gemspec

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-http-pull"
-  spec.version = "0.7.0"
+  spec.version = "0.8.1"
   spec.authors = ["filepang"]
   spec.email   = ["[email protected]"]
 

lib/fluent/plugin/in_http_pull.rb

@@ -26,6 +26,7 @@ def initialize
         super
       end
 
+      # basic options
       desc 'The tag of the event.'
       config_param :tag, :string
 
@@ -47,15 +48,18 @@ def initialize
       desc 'The timeout second of each request'
       config_param :timeout, :time, default: 10
 
+      # proxy options
       desc 'The HTTP proxy URL to use for each requests'
       config_param :proxy, :string, default: nil
 
+      # basic auth options
       desc 'user of basic auth'
       config_param :user, :string, default: nil
 
       desc 'password of basic auth'
       config_param :password, :string, default: nil
 
+      # req/res header options
       config_section :response_header, param_name: :response_headers, multi: true do
         desc 'The name of header to cature from response'
         config_param :header, :string
@@ -69,6 +73,17 @@ def initialize
         config_param :value, :string
       end
 
+      # ssl options
+      desc 'verify_ssl'
+      config_param :verify_ssl, :bool, default: true
+
+      desc "The absolute path of directory where ca_file stored"
+      config_param :ca_path, :string, default: nil
+
+      desc "The absolute path of ca_file"
+      config_param :ca_file, :string, default: nil
+
+
       def configure(conf)
         compat_parameters_convert(conf, :parser)
         super
@@ -103,6 +118,12 @@ def on_timer
           request_options[:user] = @user if @user
           request_options[:password] = @password if @password
 
+          request_options[:verify_ssl] = @verify_ssl
+          if @verify_ssl and @ca_path and @ca_file
+            request_options[:ssl_ca_path] = @ca_path
+            request_options[:ssl_ca_file] = @ca_file
+          end
+
           res = RestClient::Request.execute request_options
 
           record["status"] = res.code

test/helper/.ssl/README

@@ -0,0 +1,25 @@
+# 1. Generate a Private Key
+
+```
+openssl genrsa -aes128 -out server.key 2048
+	Enter pass phrase : 3939
+```
+
+# 2. Generate a CSR (Certificate Signing Request)
+
+```
+openssl req -new -key server.key -out server.csr
+```
+
+# 3. Remove Passphrase from Key
+
+```
+cp server.key server.key.org
+openssl rsa -in server.key.org -out server.key
+```
+
+# 4. Generating a Self-Signed Certificate
+
+```
+openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt
+```

test/helper/.ssl/server.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhQCCQCv3Q6dwIpcDDANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJK
+UDEOMAwGA1UECAwFVG9reW8xDjAMBgNVBAcMBVRva3lvMRQwEgYDVQQKDAtIYXRz
+dW5lTWlrdTESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTE4MDUyNzA0MDcyN1oYDzIx
+MTgwNTAzMDQwNzI3WjBXMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xDjAM
+BgNVBAcMBVRva3lvMRQwEgYDVQQKDAtIYXRzdW5lTWlrdTESMBAGA1UEAwwJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1ChrQuEuVEA
+2KdEfWbfZ2b+vj7g878AIrVCR6cuc5YzLb79lvJ8lWr9SzuGsiNir+z/1up/dnPf
+kdnAK9zm3rnAVkgGGM0WG+uEwOhXRe1yGb2PNMDzj0XzfE77QI6b+SyiHG6FpDrD
+sztI9GfyU+dJNxP8ygyJ5Xq7XKlOZ7emW9ceq0I4eNEXmuCriS5zHJr+G61plnX5
+vANmalVumKH0nkKAjQxxvs8jlUVO2KESUPq8sSiO1ijBw+aTOTY5qryRCRlNzvzb
+uCE8e2FPKogbmO/O9wyL1vW2q9RQFFvg06X6Qf46oQGrisAua8HE7Ny5LoDXaB7N
+lM9dNZ8M/QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCouD3GnuDy3j/aliTIDIMh
+nOHV6maXlJZYki26/HFdaLiLwM1+ghgMtVpRd/JY3w4H7tAz2x7Db5ZKvrCupdpN
+rUvCYAk24ZE34s7WktS+OondzSjLCuVseHUBVHIDbpH9yGHRwZ4fm7jaVXq5wpJy
+8zKGMBZJH7omNyeV3ulC8GemmzZNpsdy1eS1ajLf8tGUOEBW3E1h+485E4/BqOKz
+uGCx8zUgmNxvUt0yUNfYcBWHL+BOr5UWwpQ/qAqx9Hubs8nD1JZNgKpILlSYjMRV
+graRRhUHs95AjppvzmCds8jdAQJXgzJ0ZLiRqsKZX2WllJSvrSOZXBlrNdB5tSHa
+-----END CERTIFICATE-----

test/helper/.ssl/server.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQ4wDAYD
+VQQHDAVUb2t5bzEUMBIGA1UECgwLSGF0c3VuZU1pa3UxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9Qoa0LhLlRANin
+RH1m32dm/r4+4PO/ACK1QkenLnOWMy2+/ZbyfJVq/Us7hrIjYq/s/9bqf3Zz35HZ
+wCvc5t65wFZIBhjNFhvrhMDoV0Xtchm9jzTA849F83xO+0COm/ksohxuhaQ6w7M7
+SPRn8lPnSTcT/MoMieV6u1ypTme3plvXHqtCOHjRF5rgq4kucxya/hutaZZ1+bwD
+ZmpVbpih9J5CgI0Mcb7PI5VFTtihElD6vLEojtYowcPmkzk2Oaq8kQkZTc7827gh
+PHthTyqIG5jvzvcMi9b1tqvUUBRb4NOl+kH+OqEBq4rALmvBxOzcuS6A12gezZTP
+XTWfDP0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnwC2nOl/tFm47UpXmx1PF
+OKLM9JD2P6r5Snp3R5u814FFIwgXJwz6+WTCQLqls28r4OTLK/W3me/m5L4GO/0U
+bUsVpYrAmfEbh7DSh1J3KFf7eVTbRpxfj9SvTWXnge2yOnXjDld4iZiqA8azSGi6
+YNY5K4AOw9s+y/LBYrLAm5Xa8WkPmF4Ufbf1ErpbvLGl38csJHpi4SZpXG5eVdDS
+EJGJG8Tjf+EM8+VeTZ0ct63bkt9TnBgYcHurhuFRJX1thz3epkA4uQi5a8ZDcLe4
+LHrHr12SyXuXFJrCT4th2itZjxRY9y8Vr5CFHtcaC7vbUVJDmX2pFRRQAD+4493/
+-----END CERTIFICATE REQUEST-----

test/helper/.ssl/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAv1ChrQuEuVEA2KdEfWbfZ2b+vj7g878AIrVCR6cuc5YzLb79
+lvJ8lWr9SzuGsiNir+z/1up/dnPfkdnAK9zm3rnAVkgGGM0WG+uEwOhXRe1yGb2P
+NMDzj0XzfE77QI6b+SyiHG6FpDrDsztI9GfyU+dJNxP8ygyJ5Xq7XKlOZ7emW9ce
+q0I4eNEXmuCriS5zHJr+G61plnX5vANmalVumKH0nkKAjQxxvs8jlUVO2KESUPq8
+sSiO1ijBw+aTOTY5qryRCRlNzvzbuCE8e2FPKogbmO/O9wyL1vW2q9RQFFvg06X6
+Qf46oQGrisAua8HE7Ny5LoDXaB7NlM9dNZ8M/QIDAQABAoIBAQCmtMkc88OEg8w7
+/Y0VxNV40eu6tSnp245vsAiATXKRr9kKzLlGlifvP1pV+xnFEkaFS/wnNxE4k4HG
+IrtsvUHD5JJv3LTLWbIhRBnaytp5iY16Vo56BoR1XRvtPxl6yImrF7RvF/OGBtrO
+zCMnLYigihJnVxhYq5Jhj4/CD5nNj11L+1A6wb28HHNLYvMh8QSp5+QriZ5Ehugb
+a99Y5d/5JoAaDDZpUpmtOMp11pfhM3pRNa55qvckPuCTAT5xcEJbxGpIKWDK+8OL
+a83mASrSPp7QRIEpKlQaQF9DoFqBZgKHYsCFebFopA5lBtqO0GlYaXJQCk3tRp5b
+/JyBJzK1AoGBAN3tjqcqFKJXfAb9ovtlfjX1KMxZ2ZWwc+CeYzfNTcT42uYdqfSq
+7d1RXdfZbJEpLsd+HMeUfIg/R5XWI2jIXa3Qj19LsTpOUZi6o7ceTZZgp2fCYloA
+reyAEo5zxCVNjwVYrso5hFHe8nns039qkmytZCwgRuR9PEYusGnmF8rDAoGBANyv
+5Aq5btqfrxv+CYmC8Wu2ghFScsxRP++IHEx7wMWfqKztTX0WbMO40/NVmRF/Ntoy
+65YtixY+DpnqRD8Sd1CjfwcfqGsPLfpnVkEq2xUPmx2TIAnY1/drap70jJm1mOyd
+yWxKQYwdX0ZOAPvQi+snrVQRYADuw7mCcqtTos0/AoGAG2KQAtKvfyTaeiZcMTdh
+7piU8zp3HgCLHAGPbrhXy2GF6XVpnnZlKbU7pkH/Ip55VkaamIobH9jnJXcqIWjw
+Hl2pA3JcqTw212jYgOUtX8wHfEdBSafhzlgzcf6ZCp1ac6dw0iVszYl8VE1D/+oP
+rXdr8AH/nXxSrrpeLIMnFm8CgYEAnjnN+pJxFHahCiTdmaY0idHU965xeGRYvtiL
+0Zp44DhUq4eIo0LMwJdn/3NDx/O51D/mAUquCkh8F4aLX91RhpNypBzil7/Oa1Zj
+1V1wrmz9/fpaYjUCwvZU/5q+pAY7moqWu/mRfXAhuzp6IhGn//X2o+vBNWn7Eqqg
+pI3Wj+kCgYArJJZOj3srjNij++FWtgBmP7/gTdIJNybkpa01ub5vBYDmi77uj0oD
+zDCZMwsJ/nRJBJ4a1U7B5VSy36UJN1JvY4xriR+yaOb0ttNb+pEzjSENchsqwcez
+8ogUa3vR+xMXy/wQVZrMm00cQktzQbTZI23aNIWKsevJI28wXcBbLQ==
+-----END RSA PRIVATE KEY-----

test/helper/.ssl/server.key.org

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,4BBDC20C90C15D774E6E07EDEA6BC54A
+
+/rzYRt/Z0PCttHRYiKVFxMlPjKoOlQSEiRPJKTgAGLYDsZKv4DQL9EN5cVMoSCz4
+N+90H4d6ycDa+o/G2U1g79LjKa6REzelSDIjnHDOBT06c1i7859IGZLQNjcI81mW
+q38exdgm4VXB9qIjHEbjM0lj6dRlbx7ebfqrNcpm42q/7QgWljjyjVTwfTz4T8CI
+CPe+d7d8ukr/CCehtcP3aLOQN6rZ3fVuROdzuQ3lUEdcswbe11RTKZvmMsBLOZ2i
+ws4ot/JgXkHjO1oRJk1AUq0i16p3AfQdo/jCVvverMVuuruDxBu5uMefgj03sR8G
+Anh3Og8F76JGGgN6HDZmPCuW7MIt7UjV4mBCbARcNVWFEcsnYbeLqcKD6J11IbOm
+niXEgWMS+b+YNCYdkbwVhAHftCvRUAaRN1kcPNuc7cX5oEXTILfYzw3cdxiugwNN
+7/USXcgmH8R23sDMnZI8gJTjDmynTW8X0ftXLGPmkc6oDZGk6NfRoH9bi+Vue9kj
+rjz27Gs/4j7v5s2KigMeTSqx8tCMj0TVmvE4tYjyp9R7xB5lZ4+/uPB9JRoImpAA
+5MbgrnPYvyw4vchBs8CBHVG/cy0K75aKX7Efw5oUZ/NObm6cHb8EYU5ODBy08erb
+40INhJDcop+YG5ElO06RzEp1CyDM/S9d3L7NatVyDS3Vkd7SKsxoqrNOJ4X+UNeO
+swyfmzsXkBvV5bTAql2PPnS1fNrdsTCS1khf2Hbb1OUywAAD2IvakhTANasOcLEU
+sU5Wvdqu3EEhiLsTUi0LAXU/vH1WxD0VKQiUpVSpo95Xlrz21QEFOcrEKeCByjIj
+AKbYgQDI6p/6OcYIT7q7hG5BKGbskDSz+p3Bu/q68VTMzjHTtJwTj0W+46+nyu9U
+Mc5DCUScNXyz8wdrZhbUh12HgyY98Yze87hJ5YKCuo2P6ylm6PNFDctRjMoBTDrX
+xLvKWhH0sp8ZTi2MZVdENzuR/w9OuCstkKDvApfFdyhsqSdwW40moa4YfjQVLhgb
+ZsKwZodz7fhGYkzGP8aizRJWr3gXLiwwBy+Ko20aVU+8hQmcT6OUV/B5gINY0m7/
+Bxeqjiijg7AyCO3ilh3w3LpCOr4Uk9bGQnCMHgi15vH8w9W/akbWRSxCchSwWbBX
+fZG8KXSH7h9QNwq19MfHSnDd0mwt7M+oFO3EmZUDHKca5OuVWDEn3JXavQo8jRwT
+yWSWFeeits6RIw/XN6c4EKtG+Y0wR1hAxlqPUq40vgEGwTBY4iLbPbgr3v6wXi0x
+C054QfBigmx4yNATIB+DGGpEi3EGhfwfSaw7W7gmSL3W9XzKqr4JQBe6azMYWFGF
+COZe6FqnKEUJq/5HqChWNvhHl8kic72sjD/fIIadSAVEZ1/e4XegL7GQ7dckyGV6
+zKZhtLI+jfiFc5Lcr8wPwvoxb3ez1mAq9MOl77mQGMRDSq+JTnUeG5COt6Gjka9Q
+9iqaePPF+rRz65jfYS9FJWI6eL1WyPXu61mbjhkWcnC8GTSBeVNsSXl27m1QIKUv
+ftiF57yNlZzxf4wWzbqsRZHbwcC/pEXMwHK415am3yL0sJE8bqtGcz+V6CXXKrFV
+-----END RSA PRIVATE KEY-----

test/helper/stub_server.rb

@@ -1,4 +1,5 @@
 require 'webrick'
+require 'webrick/https'
 
 class DeleteService < WEBrick::HTTPServlet::AbstractServlet
   def service(req, res)
@@ -13,7 +14,10 @@ def service(req, res)
 end
 
 class StubServer
-  def initialize
+  def initialize(port=3939, ssl_enable=false)
+    @port = port
+    @ssl_enable = ssl_enable
+
     create_server
 
     # mount handler
@@ -57,7 +61,19 @@ def create_server
       [@log_file, WEBrick::AccessLog::COMBINED_LOG_FORMAT],
     ]
 
-    @server = WEBrick::HTTPServer.new :Port => 3939, :Logger => @log, :AccessLog => @access_log
+
+    if @ssl_enable
+      ssl_basepath = File.join(File.dirname(__FILE__), ".ssl")
+      @server = WEBrick::HTTPServer.new :Port => @port,
+        :SSLEnable => true,
+        :Logger => @log, :AccessLog => @access_log,
+        :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.open(File.join(ssl_basepath, "server.key")).read),
+        :SSLCertificate => OpenSSL::X509::Certificate.new(File.open(File.join(ssl_basepath, "server.crt")).read),
+        :SSLCertName => [["CN", "localhost"]]
+    else
+      @server = WEBrick::HTTPServer.new :Port => @port,
+        :Logger => @log, :AccessLog => @access_log
+    end
   end
 
   def ok(req, res)
@@ -116,4 +132,3 @@ def method_post(req, res)
     end
   end
 end
-

test/plugin/test_in_http_pull.rb

@@ -7,7 +7,7 @@ class HttpPullInputTestDefaultOptions < Test::Unit::TestCase
   sub_test_case "default value of each options" do
     TEST_DEFAULT_VALUE_CONFIG = %[
       tag test
-      url http://127.0.0.1:3939
+      url http://localhost:3939
 
       interval 3s
       format json
@@ -61,6 +61,27 @@ class HttpPullInputTestDefaultOptions < Test::Unit::TestCase
 
       assert_equal("fluent-plugin-http-pull", d.instance.agent)
     end
+
+    test 'verify_ssl' do
+      d = create_driver TEST_DEFAULT_VALUE_CONFIG
+      assert_equal("test", d.instance.tag)
+
+      assert_equal(true, d.instance.verify_ssl)
+    end
+
+    test 'ca_path' do
+      d = create_driver TEST_DEFAULT_VALUE_CONFIG
+      assert_equal("test", d.instance.tag)
+
+      assert_equal(nil, d.instance.ca_path)
+    end
+
+    test 'ca_file' do
+      d = create_driver TEST_DEFAULT_VALUE_CONFIG
+      assert_equal("test", d.instance.tag)
+
+      assert_equal(nil, d.instance.ca_file)
+    end
   end
 
   private