From 537173a81b35c5584e983af161ec87309345d0f7 Mon Sep 17 00:00:00 2001
From: Kenji Okimoto <okimoto@clear-code.com>
Date: Fri, 16 Nov 2018 10:22:31 +0900
Subject: [PATCH] out_forward: Rename parameter tls_cert_path to
 tls_ca_cert_path

Clarify the meaning of the parameter.

See #1879 for more details

Signed-off-by: Kenji Okimoto <okimoto@clear-code.com>
---
 lib/fluent/plugin/out_forward.rb |  9 +++++----
 test/plugin/test_out_forward.rb  | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/fluent/plugin/out_forward.rb b/lib/fluent/plugin/out_forward.rb
index ca25092ccd..7e9bf8a772 100644
--- a/lib/fluent/plugin/out_forward.rb
+++ b/lib/fluent/plugin/out_forward.rb
@@ -91,7 +91,8 @@ class ConnectionClosedError < Error; end
     desc 'Verify hostname of servers and certificates or not in TLS transport.'
     config_param :tls_verify_hostname, :bool, default: true
     desc 'The additional CA certificate path for TLS.'
-    config_param :tls_cert_path, :array, value_type: :string, default: nil
+    config_param :tls_ca_cert_path, :array, value_type: :string, default: nil
+    config_param :tls_cert_path, :array, value_type: :string, default: nil, deprecated: "Use tls_ca_cert_path instead"
 
     config_section :security, required: false, multi: false do
       desc 'The hostname'
@@ -166,8 +167,8 @@ def configure(conf)
       end
 
       if @transport == :tls
-        if @tls_cert_path && !@tls_cert_path.empty?
-          @tls_cert_path.each do |path|
+        if @tls_ca_cert_path && !@tls_ca_cert_path.empty?
+          @tls_ca_cert_path.each do |path|
             raise Fluent::ConfigError, "specified cert path does not exist:#{path}" unless File.exist?(path)
             raise Fluent::ConfigError, "specified cert path is not readable:#{path}" unless File.readable?(path)
           end
@@ -324,7 +325,7 @@ def create_transfer_socket(host, port, hostname, &block)
           verify_fqdn: @tls_verify_hostname,
           fqdn: hostname,
           allow_self_signed_cert: @tls_allow_self_signed_cert,
-          cert_paths: @tls_cert_path,
+          cert_paths: @tls_ca_cert_path,
           linger_timeout: @send_timeout,
           send_timeout: @send_timeout,
           recv_timeout: @ack_response_timeout,
diff --git a/test/plugin/test_out_forward.rb b/test/plugin/test_out_forward.rb
index 7a14a5614b..0ef2f2df96 100644
--- a/test/plugin/test_out_forward.rb
+++ b/test/plugin/test_out_forward.rb
@@ -153,6 +153,24 @@ def read_ack_from_sock(sock, unpacker)
     assert{ logs.any?{|log| log.include?(expected_log) && log.include?(expected_detail) } }
   end
 
+  test 'configure tls_cert_path is deprecated' do
+    conf = %[
+      send_timeout 5
+      transport tls
+      tls_insecure_mode true
+      tls_cert_path /tmp/dummy/cert.pem
+      <server>
+        host #{TARGET_HOST}
+        port #{TARGET_PORT}
+      </server>
+    ]
+
+    d = create_driver(conf)
+    expected_log = "'tls_cert_path' parameter is deprecated: Use tls_ca_cert_path instead"
+    logs = d.logs
+    assert{ logs.any?{|log| log.include?(expected_log) } }
+  end
+
   test 'compress_default_value' do
     @d = d = create_driver
     assert_equal :text, d.instance.compress