From 537173a81b35c5584e983af161ec87309345d0f7 Mon Sep 17 00:00:00 2001 From: Kenji Okimoto Date: Fri, 16 Nov 2018 10:22:31 +0900 Subject: [PATCH 1/3] out_forward: Rename parameter tls_cert_path to tls_ca_cert_path Clarify the meaning of the parameter. See #1879 for more details Signed-off-by: Kenji Okimoto --- lib/fluent/plugin/out_forward.rb | 9 +++++---- test/plugin/test_out_forward.rb | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/lib/fluent/plugin/out_forward.rb b/lib/fluent/plugin/out_forward.rb index ca25092ccd..7e9bf8a772 100644 --- a/lib/fluent/plugin/out_forward.rb +++ b/lib/fluent/plugin/out_forward.rb @@ -91,7 +91,8 @@ class ConnectionClosedError < Error; end desc 'Verify hostname of servers and certificates or not in TLS transport.' config_param :tls_verify_hostname, :bool, default: true desc 'The additional CA certificate path for TLS.' - config_param :tls_cert_path, :array, value_type: :string, default: nil + config_param :tls_ca_cert_path, :array, value_type: :string, default: nil + config_param :tls_cert_path, :array, value_type: :string, default: nil, deprecated: "Use tls_ca_cert_path instead" config_section :security, required: false, multi: false do desc 'The hostname' @@ -166,8 +167,8 @@ def configure(conf) end if @transport == :tls - if @tls_cert_path && !@tls_cert_path.empty? - @tls_cert_path.each do |path| + if @tls_ca_cert_path && !@tls_ca_cert_path.empty? + @tls_ca_cert_path.each do |path| raise Fluent::ConfigError, "specified cert path does not exist:#{path}" unless File.exist?(path) raise Fluent::ConfigError, "specified cert path is not readable:#{path}" unless File.readable?(path) end 
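Review bot: In the first hunk of lib/fluent/plugin/out_forward.rb the existing `desc 'The additional CA certificate path for TLS.'` now attaches to `tls_ca_cert_path`, so the re-added `config_param :tls_cert_path` has no description of its own. I would add `desc 'Deprecated: use tls_ca_cert_path instead.'` directly above the deprecated line, so the old name is documented wherever parameter descriptions are shown. The description of `tls_ca_cert_path` could also state that these files are CA certificates used to verify the destination server, since that is the ambiguity the rename is meant to remove.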
@@ -324,7 +325,7 @@ def create_transfer_socket(host, port, hostname, &block) verify_fqdn: @tls_verify_hostname, fqdn: hostname, allow_self_signed_cert: @tls_allow_self_signed_cert, - cert_paths: @tls_cert_path, + cert_paths: @tls_ca_cert_path, linger_timeout: @send_timeout, send_timeout: @send_timeout, recv_timeout: @ack_response_timeout, diff --git a/test/plugin/test_out_forward.rb b/test/plugin/test_out_forward.rb index 7a14a5614b..0ef2f2df96 100644 --- a/test/plugin/test_out_forward.rb +++ b/test/plugin/test_out_forward.rb @@ -153,6 +153,24 @@ def read_ack_from_sock(sock, unpacker) assert{ logs.any?{|log| log.include?(expected_log) && log.include?(expected_detail) } } end + test 'configure tls_cert_path is deprecated' do + conf = %[ + send_timeout 5 + transport tls + tls_insecure_mode true + tls_cert_path /tmp/dummy/cert.pem + + host #{TARGET_HOST} + port #{TARGET_PORT} + + ] + + d = create_driver(conf) + expected_log = "'tls_cert_path' parameter is deprecated: Use tls_ca_cert_path instead" + logs = d.logs + assert{ logs.any?{|log| log.include?(expected_log) } } + end + test 'compress_default_value' do @d = d = create_driver assert_equal :text, d.instance.compress From 71d202fe83216e91e968c04f6edf4a982ec27448 Mon Sep 17 00:00:00 2001 From: Kenji Okimoto Date: Wed, 21 Nov 2018 10:02:43 +0900 Subject: [PATCH 2/3] out_forward: Keep backward compatibility Signed-off-by: Kenji Okimoto --- lib/fluent/plugin/out_forward.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/fluent/plugin/out_forward.rb b/lib/fluent/plugin/out_forward.rb index 7e9bf8a772..c93706732a 100644 --- a/lib/fluent/plugin/out_forward.rb +++ b/lib/fluent/plugin/out_forward.rb 
@@ -167,6 +167,10 @@ def configure(conf) end if @transport == :tls + # for backward compatibility + if @tls_cert_path && !@tls_cert_path.empty? + @tls_ca_cert_path = @tls_cert_path + end if @tls_ca_cert_path && !@tls_ca_cert_path.empty? @tls_ca_cert_path.each do |path| raise Fluent::ConfigError, "specified cert path does not exist:#{path}" unless File.exist?(path) From 9d05f556494acff43626b42a8456467a275b6823 Mon Sep 17 00:00:00 2001 From: Kenji Okimoto Date: Wed, 21 Nov 2018 10:04:37 +0900 Subject: [PATCH 3/3] out_forward: Update test for checking backward compatibility Signed-off-by: Kenji Okimoto --- test/plugin/test_out_forward.rb | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/plugin/test_out_forward.rb b/test/plugin/test_out_forward.rb index 0ef2f2df96..1b9be7a123 100644 --- a/test/plugin/test_out_forward.rb +++ b/test/plugin/test_out_forward.rb @@ -9,6 +9,8 @@ class ForwardOutputTest < Test::Unit::TestCase def setup Fluent::Test.setup + FileUtils.rm_rf(TMP_DIR) + FileUtils.mkdir_p(TMP_DIR) @d = nil end @@ -16,6 +18,8 @@ def teardown @d.instance_shutdown if @d end + TMP_DIR = File.join(__dir__, "../tmp/out_forward#{ENV['TEST_ENV_NUMBER']}") + TARGET_HOST = '127.0.0.1' TARGET_PORT = unused_port CONFIG = %[ 
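Review bot: The backward-compatibility block added to `configure` assigns `@tls_ca_cert_path = @tls_cert_path` whenever the deprecated parameter is non-empty, so a configuration that sets both names silently discards the value given for `tls_ca_cert_path`. This list is passed as `cert_paths` when the TLS socket is created, so an operator who adds the new parameter while an old `tls_cert_path` line is still present would keep using the old CA files, with only the generic deprecation log as a hint. Falling back only when the new parameter is unset avoids that: `@tls_ca_cert_path = @tls_cert_path if @tls_ca_cert_path.nil? || @tls_ca_cert_path.empty?`. Alternatively, raise `Fluent::ConfigError` when both are given. `configure` starts and ends outside this hunk.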
@@ -154,21 +158,25 @@ def read_ack_from_sock(sock, unpacker) end test 'configure tls_cert_path is deprecated' do + dummy_cert_path = File.join(TMP_DIR, "dummy_cert.pem") + FileUtils.touch(dummy_cert_path) conf = %[ send_timeout 5 transport tls tls_insecure_mode true - tls_cert_path /tmp/dummy/cert.pem + tls_cert_path #{dummy_cert_path} host #{TARGET_HOST} port #{TARGET_PORT} ] - d = create_driver(conf) + @d = d = create_driver(conf) expected_log = "'tls_cert_path' parameter is deprecated: Use tls_ca_cert_path instead" logs = d.logs assert{ logs.any?{|log| log.include?(expected_log) } } + assert_equal([dummy_cert_path], d.instance.tls_cert_path) + assert_equal([dummy_cert_path], d.instance.tls_ca_cert_path) end test 'compress_default_value' do
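Review bot: The updated test 'configure tls_cert_path is deprecated' only exercises a configuration where `tls_cert_path` is set alone, so no assertion pins which value wins when `tls_cert_path` and `tls_ca_cert_path` are both present. A second case that sets the two parameters to different files and asserts the expected `d.instance.tls_ca_cert_path` would make that precedence explicit. The fixture is an empty file created with `FileUtils.touch`, which passes because the configure-time check shown in this series only tests existence and readability. A comment such as `# empty file: configure only checks that the path exists and is readable` would tell readers that no certificate is parsed here.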