Class: Fluent::AnonymizerOutput

Inherits:
Output
  • Object
show all
Includes:
HandleTagNameMixin, SetTagKeyMixin
Defined in:
lib/fluent/plugin/out_anonymizer.rb

Constant Summary collapse

HASH_ALGORITHM = 
%w(md5 sha1 sha256 sha384 sha512 ipaddr_mask)
DIGEST = 
{
  "md5" => Proc.new { Digest::MD5 },
  "sha1" => Proc.new { Digest::SHA1 },
  "sha256" => Proc.new { Digest::SHA256 },
  "sha384" => Proc.new { Digest::SHA384 },
  "sha512" => Proc.new { Digest::SHA512 }
}

Instance Method Summary collapse

Constructor Details

#initializeAnonymizerOutput 



22
23
24
25
26
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 22

def initialize
  require 'digest/sha2'
  require 'ipaddr'
  super
end

Instance Method Details

#anonymize(message, algorithm, salt) ⇒ Object 



77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 77

def anonymize(message, algorithm, salt)
  case algorithm
  when 'md5','sha1','sha256','sha384','sha512'
    DIGEST[algorithm].call.hexdigest(salt + message.to_s)
  when 'ipaddr_mask'
    address = IPAddr.new(message)
    subnet = address.ipv4? ? @ipv4_mask_subnet : @ipv6_mask_subnet
    address.mask(subnet).to_s
  else
    $log.warn "anonymizer: unknown algorithm #{algorithm} has called."
  end
end

#configure(conf) ⇒ Object 



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 28

def configure(conf)
  super

  @hash_keys = Hash.new
  conf.keys.select{|k| k =~ /_keys$/}.each do |key|
    hash_algorithm_name = key.sub('_keys','')
    raise Fluent::ConfigError, "anonymizer: unsupported key #{hash_algorithm_name}" unless HASH_ALGORITHM.include?(hash_algorithm_name)
    conf[key].gsub(' ', '').split(',').each do |record_key|
      @hash_keys.store(record_key, hash_algorithm_name)
    end
  end

  if @hash_keys.count < 1
    raise Fluent::ConfigError, "anonymizer: missing hash keys setting."
  end
  $log.info "anonymizer: adding anonymize rules for each field. #{@hash_keys}"

  if ( !@remove_tag_prefix && !@remove_tag_suffix && !@add_tag_prefix && !@add_tag_suffix )
    raise Fluent::ConfigError, "anonymizer: missing remove_tag_prefix, remove_tag_suffix, add_tag_prefix or add_tag_suffix."
  end
end

#emit(tag, es, chain) ⇒ Object 



50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 50

def emit(tag, es, chain)
  es.each do |time, record|
    @hash_keys.each do |hash_key, hash_algorithm|
      next unless record.include?(hash_key)
      record[hash_key] = filter_anonymize_record(record[hash_key], hash_algorithm)
    end
    t = tag.dup
    filter_record(t, time, record)
    Fluent::Engine.emit(t, time, record)
  end
  chain.next
end

#filter_anonymize_record(data, hash_algorithm) ⇒ Object 



63
64
65
66
67
68
69
70
71
72
73
74
75
 
# File 'lib/fluent/plugin/out_anonymizer.rb', line 63

def filter_anonymize_record(data, hash_algorithm)
  begin
    if data.is_a?(Array)
      data = data.collect { |v| anonymize(v, hash_algorithm, @hash_salt) }
    else
      data = anonymize(data, hash_algorithm, @hash_salt)
    end
  rescue StandardError => e
    $log.error "anonymizer: failed to anonymize record. :message=>#{e.message} :data=>#{data}"
    $log.error e.backtrace.join("\n")
  end
  data
end